This host is prone to remote code execution vulnerability.
Successful exploitation will allow remote attackers to execute arbitrary code or compromise a vulnerable system. Impact Level: System
Vendor has released a patch for the issue, refer below link for patch. http://www.microsoft.com/technet/security/bulletin/ms10-042.mspx
The flaws are due to: - An error in the 'MPC::HTML::UrlUnescapeW()' function within the Help and Support Center application (helpctr.exe) that does not properly check the return code of 'MPC::HexToNum()' when escaping URLs, which could allow attackers to bypass whitelist restrictions and invoke arbitrary help files. - An input validation error in the 'GetServerName()' function in the 'C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\commonFunc.js' script invoked via 'ShowServerName()' in 'C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysinfomain.htm', which could be exploited by attackers to execute arbitrary scripting code.
Windows XP Service Pack 2/3 Windows Server 2003 Service Pack 2.
- Microsoft Windows Progman Group Converter Insecure Library Loading Vulnerability
- Adobe Flash Player Remote Code Execution Vulnerability (WinXP)
- Microsoft Windows DNS Memory Corruption Vulnerability - Mar09
- Cisco VPN Client Privilege Escalation Vulnerability
- Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability