Vulnerability in Windows help center

On 09/06/10, a vulnerability in the Microsoft Windows Help and Support Center (HSC) application, helpctr.exe, was disclosed.

This vulnerability affects Windows XP and Windows Server 2003, and could allow remote code execution. It does not affect Windows Vista, Windows 7 and Windows Server 2008 (including R2), as they do not include the HSC. Proof of concept code against Windows XP was also disclosed; however, Microsoft is not aware of active attacks exploiting this vulnerability.

Microsoft has not yet released a patch to fix the problem – see mitigations below.

Vulnerability details

On Windows XP and Windows Server 2003, the helpctr.exe application is the registered protocol handler for hcp:// URIs. A vulnerability exists in how these URIs are handled: following a specially crafted URI, or visiting a specially crafted Web page, could allow an attacker to execute code with the privileges of the user, since the HSC resides in a trusted zone.

Mitigations

See: http://www.microsoft.com/technet/security/advisory/2219475.mspx

Microsoft recommends unregistering the hcp:// protocol handler via a registry script. It is important to note that this will also affect legitimate HSC functionality and that Microsoft does not recommend relying on the hotfix that was included with the disclosed vulnerability.
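
One way to script the unregistration described above, as an added example that is not taken from the advisory or from Microsoft: a cmd.exe batch file that backs up the handler registration, removes it, and verifies the result. It assumes the handler is registered under HKEY_CLASSES_ROOT\HCP (the usual location for a URL protocol handler of that scheme); the backup file name is hypothetical.

```batch
@echo off
rem Added example: audit, back up and unregister the hcp:// protocol handler.
rem Assumption: the handler is registered under HKEY_CLASSES_ROOT\HCP.
rem Run from an administrator account on Windows XP / Windows Server 2003.
setlocal
set "KEY=HKCR\HCP"
rem Hypothetical backup location; change it to suit your environment.
set "BACKUP=%SystemDrive%\hcp_handler_backup.reg"

rem 1. Audit: is the handler registered at all?
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo hcp:// handler is not registered; nothing to do.
    exit /b 0
)

rem 2. Back up first, so legitimate HSC functionality can be restored
rem    once a patch is installed. Never overwrite an earlier backup.
if exist "%BACKUP%" (
    echo Backup file already exists; refusing to overwrite it.
    exit /b 1
)
reg export "%KEY%" "%BACKUP%" >nul
if errorlevel 1 (
    echo Backup failed; handler left in place.
    exit /b 1
)

rem 3. Unregister the handler, including all subkeys.
reg delete "%KEY%" /f >nul
if errorlevel 1 (
    echo Delete failed; handler may still be registered.
    exit /b 1
)

rem 4. Verify: the key must no longer resolve.
reg query "%KEY%" >nul 2>&1
if not errorlevel 1 (
    echo Handler is still present after delete.
    exit /b 1
)
echo hcp:// handler unregistered. To restore: reg import "%BACKUP%"
exit /b 0
```

The non-zero exit codes let a deployment tool report machines where the handler could not be removed, and `reg import` on the backup file reverses the change.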