← back
CVE-2010-1885

CVE-2010-1885

EPSS 75.5%◆ VulnCheck KEV
Vexday Risk Score
82Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 75.5%KEV nãoPoC públicaNuclei Metasploit simPatch referenciado
Lifecycle
09 Jun 2010Metasploit module available
10 Jun 2010Public PoC
14 Jun 2010Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.