also @ TechSpot: Nortel's internal network "owned" by hackers for almost a decade
Welcome to the TechSpot OpenBoards. Please read the FAQ if you have any questions. Sign up or Login to participate.
Go Back   TechSpot OpenBoards > TechSpot Community > General Discussion
Reload this Page Win-XP Help Center request wipes your HD

Download Now:

Win-XP Help Center request wipes your HD
Thread Tools Search this Thread
  #1  
Old 09-12-2002
StormBringer's Avatar
TechSpot Evangelist
  
Location: USA
Member since: Apr 2002, 2,871 posts
Win-XP Help Center request wipes your HD
The full story is here

Quote:

By Thomas C Greene in Washington
Posted: 11/09/2002 at 13:15 GMT


A malicious Win-XP Help Center request can easily and silently delete the contents of any directory on your Windows machine, we've learned. Worse, MS has rolled the fix silently into SP1 without making a public announcement. A good sketch of the problem in English, along with a harmless self-test, can be found here, thanks to Mike at http://unity.skankhouse.org, who did some tinkering after noticing a tip on a BBS.




To verify the exploit all you need to do is pop the following request into any address bar (IE, Win Explorer, etc): hcp://system/DFS/uplddrvinfo.htm?file://c:\test\* and the directory 'test' will be emptied after a couple of Help Center 'wizard' pages pop up uselessly to distract you......

The example works as advertised, so anyone wanting to play with it should create a test directory with copies of files. Of course you can delete your entire root directory with this approach if you so choose.......
  #2  
Old 09-13-2002
poertner_1274's Avatar
secroF laicepS topShceT
  
Location: Saint Louis, MO, USA
Member since: Feb 2002, 4,742 posts
System specs
I heard about this the other day from one of my buddies. I don't understand why M$ wouldn't say something about it. This is the sort of stuff that makes me mad about those rich aholes. But that is just me. I hope there is a way to fix it.......
  #3  
Old 09-13-2002
Vehementi's Avatar
TechSpot Paladin
  
Location: Bellevue, WA
Member since: Feb 2002, 3,199 posts
System specs
This will fix it, and you can also read the full story over there.

grc.com is the best...
  #4  
Old 09-13-2002
TS | Thomas's Avatar
TechSpot Maniac
  
Location: Ireland
Member since: Feb 2002, 1,327 posts
Bit annoying to see some sits are only posting about this now. Came out over a month ago;
http://cert.uni-stuttgart.de/archive.../msg00224.html , which is when I posted about it

Resolution:
-----------------
Microsoft have noted they intend to roll the fix into SP1 for XP. I informed Microsoft I would be publishing this advisory in mid August during correspondance (late June) and received no objections.
Closed Thread

Similar Topics
Topic Replies Forum
Windows XP repair wipes out sp2 and sp3 9 Windows OS
Log files per request 1 Virus and Malware Removal
Help Request 2 Virus and Malware Removal
ATA Raid Help Request 1 Storage and Networking
request 1 Introduce yourself

Thread Tools Search this Thread
Search this Thread:

Advanced Search
All times are GMT -4. The time now is 11:20 AM.