| VID |
26051 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (Q328940) for the "File Deletion Vulnerability in Windows XP Help and Support Center" has not been applied.
Microsoft Internet Explorer on Windows XP comes equipped with a protocol handler for the 'Help and Support Center' application. The browser runs requests to the HCP URI handler with relaxed Security Zone restrictions. One of the Help and Support Center application files (uplddrvinfo.htm) contains an ActiveX control which may be used to delete local files. Since the ActiveX control accepts filenames from the HCP URIs, it is possible for an attacker to abuse this situation via a malicious link. Because the browser runs the HCP request with relaxed restrictions, the user is not prompted when the ActiveX control is executed. However, it has been reported that a window with a "Get Help With Your Hardware Device" dialog is displayed when uplddrvinfo.htm is invoked, and that the utility will follow through with the commands if the user closes this window.
A remote attacker could create a specially-crafted HCP:// URL to the uplddrvinfo.htm Help and Support Center page, and delete files on another user's computer via either a web site or an email.
A number of other files are included in the Help and Support Center application which may also be used by a remote attacker to perform various actions on the client system via a maliciously constructed HCP URI.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/bulletin/MS02-060.asp
* Platforms Affected:
Microsoft Windows XP |
| Recommendation |
Apply the appropriate patch for your system, as listed in Microsoft's security bulletin MS02-060, http://www.microsoft.com/technet/security/bulletin/MS02-060.asp
1. Open the following page :
For Windows XP 32-bit Edition: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=43681
For Windows XP 64-bit Edition: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=43676
2. Select your language from the drop-down list and then click <Go> button.
3. Click the <download> link to download this patch file.
4. Run this file to install the patch.
5. Reboot your system to complete installation.
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com . Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2002-0974 (CVE) |
| Related URL |
5478 (SecurityFocus) |
| Related URL |
9878 (ISS) |
|
