CVE-2010-1885

N/A Unknown

Published: June 15, 2010 Modified: April 29, 2026

Description

The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html

Source: secure@microsoft.com

Exploit

http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx

Source: secure@microsoft.com

http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx

Source: secure@microsoft.com

Vendor Advisory

http://secunia.com/advisories/40076

Source: secure@microsoft.com

Vendor Advisory

http://www.exploit-db.com/exploits/13808

Source: secure@microsoft.com

http://www.kb.cert.org/vuls/id/578319

Source: secure@microsoft.com

US Government Resource

http://www.microsoft.com/technet/security/advisory/2219475.mspx

Source: secure@microsoft.com

Vendor Advisory

http://www.securityfocus.com/archive/1/511774/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/511783/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/bid/40725

Source: secure@microsoft.com

Exploit

http://www.securitytracker.com/id?1024084

Source: secure@microsoft.com

http://www.us-cert.gov/cas/techalerts/TA10-194A.html

Source: secure@microsoft.com

US Government Resource

http://www.vupen.com/english/advisories/2010/1417

Source: secure@microsoft.com

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-042

Source: secure@microsoft.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/59267

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11733

Source: secure@microsoft.com

http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/40076

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.exploit-db.com/exploits/13808

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/578319

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.microsoft.com/technet/security/advisory/2219475.mspx

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/archive/1/511774/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/511783/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/40725

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securitytracker.com/id?1024084

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA10-194A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2010/1417

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-042

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/59267

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11733

Source: af854a3a-2127-422b-91ae-364da2661108

32 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

92.2%

100th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-78

Affected Vendors

microsoft

Related CVEs

CVE-2026-8431 7.2

CVE-2026-8430 8.1

CVE-2026-8429 8.8

CVE-2026-34684 5.5

CVE-2026-34683 5.5