------------------------------------------------------------------
http://lock.cmpxchg8b.com/b10a58b75029f79b5f93f4add3ddf992/ADVISORY
Help and Support Centre is the default application provided to access online documentation for Microsoft Windows. Microsoft supports accessing help documents directly via URLs by installing a protocol handler for the scheme "hcp"; a typical example is provided in the Windows XP Command Line Reference, available at http://technet.microsoft.com/en-us/library/bb490918.aspx.
Using hcp:// URLs is intended to be safe, as when invoked via the registered protocol handler the command line parameter /fromhcp is passed to the help centre application. This flag switches the help centre into a restricted mode, which will only permit a whitelisted set of help documents and parameters.
This design, introduced in SP2, is reasonably sound. A whitelist of trusted documents is a safe way of allowing interaction with the documentation from less-trusted sources. Unfortunately, an implementation error in the whitelist allows it to be evaded.
[...]
Upon successful exploitation, a remote attacker is able to execute arbitrary commands with the privileges of the current user.
----------------------------------------------------------------------
Check the link above for possible mitigation techniques, at least until a fix is released from Microsoft.
The Register UK has a write-up as well.