CERT-MU Virus Alert VA-2010-14
Exploit: Win32/CVE-2010-1885.gen
Date Published: June 28, 2010
Description
Alert Level: High
Aliases:
- Exploit.HTML.CVE-2010-1885.a (Kaspersky)
- Exploit/Cve-2010-1885 (Norman)
- Exploit.CVE-2010-1885.C (BitDefender)
- HTML/Exploit.CVE-2010-1885 (ESET)
- Exploit.Win32.CVE-2010-1885 (Ikarus)
- Exploit-CVE2010-1885 (McAfee)
- Mal/HcpExpl-A (Sophos)
- TROJ_HCPEXP.A (Trend Micro)
- Exploit.HTML.HCP.a (Sunbelt Software)
Systems Affected
Description / Effects
Exploit:Win32/CVE-2010-1885.gen is a generic detection for a cross-site scripting method that exploits a vulnerability in Windows Help and Support Center that could allow an attacker to run arbitrary code on the local computer.
Symptoms
Alert notifications or detections of this malware from installed antivirus or security software may be the only symptoms.
Installation
Exploit:Win32/CVE-2010-1885.gen may be encountered if a Windows XP/2003 user is enticed to browse a malicious Web page or click on a hyperlink that contains the exploit.
The exploit passes a URL (for example, hcp://<URL>) to "helpctr.exe" using specific escape sequences that could result in the execution of arbitrary code.
This exploit affects computers running Windows XP/2003 with Internet Explorer 8 (or below) and Windows Media Player 9. Upgrading to Windows Media Player 10 prevents the exploit from running without a prompt.
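A defender-side check for the hcp:// delivery described above, as an added example that is not part of the original CERT-MU alert: it scans saved page content for hcp:// URLs in link attributes and inline script, and records whether percent-escapes had to be decoded. The sample page, the topic names and the attribute list are constructed assumptions, and the check flags any hcp:// link rather than the specific escape sequences, which the alert does not give.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

URL_ATTRS = {"href", "src", "data", "action"}  # assumption: attributes worth checking
HCP_IN_TEXT = re.compile(r"hcp://[^\s\"'<>]+", re.IGNORECASE)
# Constructed sample page; the hcp:// topics and arguments are placeholders.
SAMPLE_PAGE = """<a href="https://example.org/help">Help</a>
<a href="hcp://constructed-topic/page?arg=%2541%2542">Support</a>
<script>var u = "HCP://constructed-topic/other";</script>"""

def fully_unquote(value, max_rounds=5):
    """Undo nested percent-encoding; return (decoded, rounds_needed)."""
    rounds = 0
    while rounds < max_rounds and unquote(value) != value:
        value, rounds = unquote(value), rounds + 1
    return value, rounds

class HcpLinkFinder(HTMLParser):
    """Collects hcp:// URLs from URL-bearing attributes and inline script text."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings, self._in_script = [], False

    def _record(self, where, raw):
        decoded, rounds = fully_unquote(raw.strip())
        if decoded.lower().startswith("hcp://"):
            self.findings.append({"where": where, "decoded": decoded, "escaped": rounds > 0})

    def handle_starttag(self, tag, attrs):
        self._in_script = tag == "script"
        for name, value in attrs:  # entity-encoded values arrive already unescaped
            if name in URL_ATTRS and value:
                self._record(f"<{tag} {name}>", value)

    def handle_endtag(self, tag):
        self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # hcp:// strings stored in inline script
            for match in HCP_IN_TEXT.finditer(data):
                self._record("<script>", match.group(0))

def scan(html):
    """Return one finding per hcp:// URL seen in the given HTML text."""
    finder = HcpLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.findings
```

Plain text that merely mentions hcp:// outside a link attribute or script is not reported, which keeps help articles about the protocol from triggering the check.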
Users are advised to implement the following countermeasures:
- Enable a firewall on your computer.
- Get the latest computer updates for all your installed software.
- Use up-to-date antivirus software.
- Exercise caution with e-mail and attachments received from unknown sources, or received unexpectedly from known sources. Use extreme caution when accepting file transfers from known or unknown sources.
- Exercise caution with links to Web pages that you receive from unknown sources, especially if the links are to a Web page that you are not familiar with, unsure of the destination of, or suspicious of. Malicious software may be installed in your system simply by visiting a Web page with harmful content.
- Avoid downloading pirated software.
- Protect yourself against social engineering attacks.
- Use a strong password – one that cannot be easily guessed by an attacker.
References
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
E-mail:

Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
9th Floor, Stratton Court
La Poudriere Street
Port Louis