| VID |
26517 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Hotfix (MS10-042, 2229593) for 'Vulnerability in Help and Support Center Could Allow Remote Code Execution' has not been applied.
This security update resolves a publicly disclosed vulnerability in the Windows Help and Support Center feature that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message. The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must click a link listed within an e-mail message.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/Bulletin/MS10-042.mspx
* Platforms Affected:
Windows XP SP2 and SP3
Windows Server 2003 SP2 |
| Recommendation |
Apply the appropriate patch (2229593) for your system, as listed in Microsoft Security Bulletin MS10-042 at http://www.microsoft.com/technet/security/bulletin/ms10-042.mspx |
| Related URL |
CVE-2010-1885 (CVE) |
| Related URL |
40725 (SecurityFocus) |
| Related URL |
(ISS) |
|
