Flaw in Windows Me Could Enable Code Execution

[TS | Thomas]

Help & Support Center provides a centralized facility through which users can obtain assistance on a variety of topics. For instance, it provides product documentation, assistance in determining hardware compatibility, access to Windows Update, online help from Microsoft, & other assistance. Users & programs can execute URL links to Help & Support Center by using the "hcp://" prefix in a URL link instead of "http://". A security vulnerability is present in the Windows Me version of Help & Support Center, & results because the URL Handler for the "hcp://" prefix contains an unchecked buffer.

Affected Software:
Microsoft Windows Me

Patch availability:
Microsoft Windows Me

 

[poertner_1274]

Wasn't there some sort of problem like this with XP a little while ago? I remember hearing about something quite similar.

 

[TS | Thomas]

Yup there was. The fix is included with XP Service Pack 1 as far as a I recall.

 

[poertner_1274]

Yes I think so. It was pretty bad, because there were quite a few people that knew about it and exploited it BEFORE M$ released the story, and SP1 to fix it.

 

[Vehementi]

Just what we need, another Windows ME flaw

I'm surprised they didn't find out about this sooner, with the same thing happening with Windows XP. What's that about??

 

[Unregistered]

Solution, get rid of Windows ME. Has to be the worst OS out of Redmond ever.

 

[Arris]

Originally posted by Vehementi
Just what we need, another Windows ME flaw

I'm surprised they didn't find out about this sooner, with the same thing happening with Windows XP. What's that about??

Maybe they didn't find out about it because there are only a few owners of typewriters with screens that are actually using ME

 

[poertner_1274]

LOL good point. It is kind of the same way as 98 and so on, where M$ is discontinuing help for those OS's, since they are getting outdated, and people should upgrade to XP, etc..