Status Tracking Note JVNTR-2010-19

Vulnerability in Microsoft Windows Help and Support Center (CVE-2010-1885, MS10-042, TA10-194A)

Overview

A vulnerability exists in Microsoft Windows Help and Support Center.
Event Information

Date (UTC)Description
2010-07-15 23:32 Symantec
ThreatCON (2) => (2)
2010-07-14 01:32 JPCERT/CC
JPCERT-AT-2010-0018: July 2010 Microsoft Security Bulletin (including three critical patches)
Public notification for "Microsoft Security Bulletin Summary for July 2010"
2010-07-13 23:53 Microsoft
MS10-042: Microsoft Security Bulletin Summary for July 2010
Security Update (MS10-042) released.
2010-07-13 21:20 US-CERT
TA10-194A: Microsoft Updates for Multiple Vulnerabilities
Technical Cyber Security Alert publised via US-CERT Mailing List.
Public notification for "Microsoft Security Bulletin Summary for July 2010"
2010-07-13 17:30 SANS Internet Storm Center
July 2010 Microsoft Black Tuesday Summary
Public notification for "Microsoft Security Bulletin Summary for July 2010"
2010-07-13 17:25 US-CERT
Microsoft Releases July Security Bulletin
US-CERT Current Activity
Public notification for "Microsoft Security Bulletin Summary for July 2010"
2010-07-08 18:07 Microsoft
ms10-jul: Microsoft Security Bulletin Advance Notification for July 2010
Advance notification for Security Update.
2010-06-28 05:34 JPCERT/CC
JPCERT-AT-2010-0016: Zero-day Vulnerability in Windows Help and Support Center Protocol
2010-06-11 21:56 Microsoft
Microsoft Security Advisory (2219475): Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution
Fix it (Unregister the HCP Protocol) published.
2010-06-10 22:48 Microsoft
Microsoft Security Advisory (2219475): Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution
Security Advisory (2219475) published.
2010-06-10 21:50 SANS Internet Storm Center
Microsoft Security Advisory 2219475
Public notification for "Security Advisory (2219475) ".
2010-06-10 21:26 SANS Internet Storm Center
Microsoft Help Centre Handling of Escape Sequences May Lead to Exploit
Vulnerability proof-of-concept code has been posted to Mailing List.
2010-06-10 15:01 US-CERT
Microsoft Windows Help and Support Center Vulnerability
US-CERT Current Activity
Public notification for "Security Advisory (2219475) ".
2010-06-10 10:23 Symantec
ThreatCON (2) => (2)
2010-06-09 23:46 Full-disclosure
Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly
Vulnerability proof-of-concept code posted to Mailing List.
#Cid:40725_realplayer.ram
#Cid:40725.rb
#Tested: cpe:/o:microsoft:windows_xp + cpe:/a:microsoft:ie:6
#Tested: cpe:/o:microsoft:windows_xp + cpe:/a:microsoft:ie:7
#Tested: cpe:/o:microsoft:windows_xp + cpe:/a:microsoft:ie:8 + cpe:/a:microsoft:windows_media_player:9
2010-06-05
Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly
Vulnerability reported to vendor.
2010-06-05 Trend Micro
TROJ_HCPEXP.A

Reference

Date first published (UTC): 2010-07-11T06:48+00:00
Date last updated (UTC): 2010-07-31T06:23+00:00
Valid HTML 4.01!