John Topley's Knowledgebase

Dangerous Help And Support Centre Vulnerability

Friday, 30 May 2003

This article describes a dangerous vulnerability within the Windows XP Help and Support Centre and how to fix it.

Entering the following statement within the Internet Explorer address bar will delete all files within C:\test (once the Help and Support Centre window is closed):

hcp://system/DFS/uplddrvinfo.htm?file://c:\test\*

To fix:

Delete or rename C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\uplddrvinfo.htm

–or–

Remove this code from uplddrvinfo.htm:

var oFSO = new ActiveXObject("Scripting.FileSystemObject");
try
{
    oFSO.DeleteFile( sFile );
}
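
A check for whether either fix above has been applied, as an added example that is not part of the original article: it looks for uplddrvinfo.htm under a given Windows directory and reports whether the DeleteFile call is still present. The function names, the three status strings and the case-insensitive lookup (for a Windows volume mounted on a case-sensitive system) are assumptions of this example.

```python
import re
from pathlib import Path

# Path from the article, relative to the Windows directory (C:\WINDOWS).
REL_PARTS = ("PCHEALTH", "HELPCTR", "System", "DFS", "uplddrvinfo.htm")
# The call the article says to remove; tolerate spacing and case differences.
DELETE_CALL = re.compile(r"\.\s*DeleteFile\s*\(", re.IGNORECASE)


def find_case_insensitive(root, parts):
    """Resolve parts under root ignoring case, as NTFS does.

    Needed when a Windows volume or image is mounted on a case-sensitive OS.
    Returns the Path, or None if any component is missing.
    """
    current = Path(root)
    for part in parts:
        if not current.is_dir():
            return None
        match = next((p for p in current.iterdir()
                      if p.name.lower() == part.lower()), None)
        if match is None:
            return None
        current = match
    return current


def decode_script(raw):
    """Decode file bytes, honouring a UTF-16 BOM if one is present."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")


def audit_helpctr(windows_dir):
    """Return 'absent', 'patched' or 'vulnerable' for the given Windows dir."""
    target = find_case_insensitive(windows_dir, REL_PARTS)
    if target is None or not target.is_file():
        return "absent"        # first fix: file deleted or renamed
    text = decode_script(target.read_bytes())
    if DELETE_CALL.search(text):
        return "vulnerable"    # DeleteFile call still present
    return "patched"           # second fix: call removed


if __name__ == "__main__":
    import sys
    # Assumed default: a live system with Windows installed in C:\WINDOWS.
    print(audit_helpctr(sys.argv[1] if len(sys.argv) > 1 else r"C:\WINDOWS"))
```

The check is conservative: a DeleteFile call that has only been commented out is still reported as vulnerable.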

Copyright © 2003 - 2005 John Topley. Made with CityDesk.