Microsoft Windows Help and Support Center URI processing vulnerability
D-SWAT

  The Microsoft Windows Help and Support Center application fails to properly sanitize hcp:// URIs, which can allow a remote, unauthenticated attacker to execute arbitrary commands.

  This vulnerability is caused by an error in the MPC::HTML::UrlUnescapeW() function in helpctr.exe when escaping URLs. This can be exploited to bypass restrictions normally imposed by the -FromHCP command-line argument and load arbitrary help documents.

  Successful exploitation allows execution of arbitrary commands through an additional input sanitization error in the sysinfomain.htm help document when a specially crafted hcp:// URL is opened. This can happen as the result of viewing a specially crafted web page, opening a Windows Media Player file, or through the use of other attack vectors.



Solution:

  1. Microsoft recommends that customers follow the guidance in Security Advisory 2219475 to protect against this issue.

  2. This vulnerability can be mitigated by removing the HCP protocol handler. This can be accomplished by removing the HKEY_CLASSES_ROOT\HCP\shell\open registry key. Note that this may interfere with Windows functionality that relies on the HCP protocol.
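
  The registry mitigation in step 2, as an added PowerShell example that is not taken from the Microsoft advisory or from DrayTek: it reports what the handler currently launches, exports the HCP key so the change can be reverted, then removes the open verb. The function name and backup directory are hypothetical, and it assumes an elevated session.

```powershell
# Added example: audit, back up and remove the HCP protocol handler open verb.
# Function name and backup directory are hypothetical; the key path is the one named above.
function Disable-HcpHandler {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$BackupDir = "$env:SystemDrive\hcp-backup"   # assumed location
    )

    $regPath = 'HKEY_CLASSES_ROOT\HCP'
    $openKey = "Registry::$regPath\shell\open"

    if (-not (Test-Path -LiteralPath $openKey)) {
        Write-Output "HCP open verb not present; nothing to do."
        return
    }

    # Record what the handler currently launches, for the change log.
    $cmdKey = "$openKey\command"
    if (Test-Path -LiteralPath $cmdKey) {
        $current = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
        Write-Output "Current handler command: $current"
    }

    if ($PSCmdlet.ShouldProcess($openKey, 'Back up HCP key and remove shell\open')) {
        New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
        $backup = Join-Path $BackupDir ("hcp-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

        # Export the whole HCP key so it can be restored with "reg import".
        & reg.exe export $regPath $backup /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Backup failed; key left untouched." }

        Remove-Item -LiteralPath $openKey -Recurse -Force

        # Verify the removal instead of assuming it succeeded.
        if (Test-Path -LiteralPath $openKey) { throw "Key still present after removal." }
        Write-Output "Removed. Restore with: reg import `"$backup`""
    }
}

# Dry run: shows what would change without touching the registry.
Disable-HcpHandler -WhatIf
```

  Run it without -WhatIf to apply the change; importing the exported .reg file restores the handler if Windows functionality that relies on HCP is affected.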


References:

  http://www.microsoft.com/technet/security/advisory/2219475.mspx
  http://www.kb.cert.org/vuls/id/578319



This information is from DrayTek Corp.


About DrayTek

DrayTek Corp., founded in 1997, is a global provider of comprehensive network security, remote access and VoIP solutions for residential/small office and Small and Medium Enterprises (SME) use. To meet the needs of customers for quality and cost-effectiveness, DrayTek, with technologies integrated with real-time Anti-Virus/Anti-Intrusion system, VPN, VoIP and xDSL broadband access, has successfully delivered total network protection worldwide. For more information, please visit the company's website at http://www.draytek.com.

Press Contact:
DrayTek Marketing Dept.
press@draytek.com