Win-XP Help Center request wipes your HD

[StormBringer]

The full story is here

By Thomas C Greene in Washington
Posted: 11/09/2002 at 13:15 GMT


A malicious Win-XP Help Center request can easily and silently delete the contents of any directory on your Windows machine, we've learned. Worse, MS has rolled the fix silently into SP1 without making a public announcement. A good sketch of the problem in English, along with a harmless self-test, can be found here, thanks to Mike at http://unity.skankhouse.org who did some tinkering after noticing a tip on a BBS.




To verify the exploit all you need to do is pop the following request into any address bar (IE, Win Explorer, etc): hcp://system/DFS/uplddrvinfo.htm?file://c:\test\* and the directory 'test' will be emptied after a couple of Help Center 'wizard' pages pop up uselessly to distract you......

The example works as advertised, so anyone wanting to play with it should create a test directory with copies of files. Of course you can delete your entire root directory with this approach if you so choose.......

 

[poertner_1274]

I heard about this the other day from one of my buddies. I don't understand why M$ wouldn't say something about it. This is the sort of stuff that makes me mad about those rich aholes. But that is just me. I hope there is a way to fix it.......

 

[Vehementi]

This will fix it, and you can also read the full story over there.

grc.com is the best...

 

[TS | Thomas]

Bit annoying to see some sits are only posting about this now. Came out over a month ago;
http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00224.html , which is when I posted about it

Resolution:
-----------------
Microsoft have noted they intend to roll the fix into SP1 for XP. I informed Microsoft I would be publishing this advisory in mid August during correspondance (late June) and received no objections.