CVE-2010-2265
Published: Jun 14, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source |
|---|---|---|
| VU#578319 | third-party-advisory | x_refsource_CERT-VN |
| 20100609 Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly | mailing-list | x_refsource_BUGTRAQ |
| ms-win-helpctr-command-execution(59267) | vdb-entry | x_refsource_XF |
| 20100609 Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly | mailing-list | x_refsource_FULLDISC |
| http://www.microsoft.com/technet/security/advisory/2219475.mspx | | x_refsource_MISC |
| 40721 | vdb-entry | x_refsource_BID |
| ADV-2010-1417 | vdb-entry | x_refsource_VUPEN |
| 40076 | third-party-advisory | x_refsource_SECUNIA |