CERT mailing list archives

Current Activity - Microsoft Windows Help and Support Center Vulnerability

From: Current Activity <us-cert () us-cert gov>
Date: Thu, 10 Jun 2010 11:16:27 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Microsoft Windows Help and Support Center Vulnerability

Original release date: June 10, 2010 at 11:01 am
Last revised: June 10, 2010 at 11:01 am


US-CERT is aware of a vulnerability affecting the Mircosoft Windows
Help and Support Center. This vulnerability is due to improper
sanitization of hcp:// URIs. Exploitation of this vulnerability may
allow a remote, unauthenticated attacker to execute arbitrary
commands.

US-CERT encourages users and administrators to review Vulnerability
Note VU#578319 and implement the workarounds to help mitigate the
risks and reduce attack vectors.

US-CERT will provide additional information as it becomes available.

Relevant Url(s):
<http://www.kb.cert.org/vuls/id/578319>

====
This entry is available at
http://www.us-cert.gov/current/index.html#microsoft_windows_help_and_support

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTBEBvT6pPKYJORa3AQIg8Qf/RSnNKQS+rvCsti8LH+KeOUlHl7SeVQHt
C29y6h+Ge7DaL3K32gNFynpLT5/IlVJZyh1v4wtdnD+xmu7EMFE7lEXfLdiZCbJz
a5w3Yh5iHU/PRI/1+8OoeUiJHFWMwV8Y5TRU3uzmEY/LU0lpWMPaVZAbjYIylcWJ
Ez/kiC0N+9VifCGCdhdYNQhGN7edfO6XFEewk4FfBCVkSbP2vvNECxTRSIJOe6K9
XZv9F6MwHv/pUPh5fUZy5NZHGOefyRzT9bNPRmc96NX8/P2bCHE4ILKT36+WKIcs
8DCV2ESDJKagR5X0Cgw9fuPHWspaWG9oAeuPr4363qPlOQt+usKEQQ==
=AXj+
-----END PGP SIGNATURE-----

Current thread:

Current Activity - Microsoft Windows Help and Support Center Vulnerability Current Activity (Jun 10)