Microsoft Windows Help And Support Center Trusted Document Whitelist Bypass Vulnerability

Microsoft Windows Help And Support Center is prone to a trusted document whitelist bypass vulnerability. This issue may allow remote untrusted attackers to access arbitrary help documents which may lead to various attacks.

An attacker can combine this vulnerability with another issue, such as the weakness described in BID 40721 (Microsoft Help and Support Center 'sysinfo/sysinfomain.htm' Cross Site Scripting Weakness) to execute arbitrary code on a vulnerable computer.

NOTE: This issue may cause Internet Explorer 8 and other browsers to launch a warning dialog box, but this protection can be evaded by placing the attacker-supplied link in a media file and supplying the file to a user through the browser, which then launches Windows Media player and doesn't cause the warning dialog to be presented. Internet Explorer 7 and prior versions do not launch any dialog boxes when this issue is triggered.

This issue is reported to affect Windows XP and Windows Server 2003; other versions of Windows may be vulnerable as well.


 

Privacy Statement
Copyright 2010, SecurityFocus