The Active Network
ActiveMac Anonymous | Create a User | Reviews | News | Forums | Advertise  
 

  *  

  Microsoft Security Bulletin MS02-060: Flaw in Windows XP Help and Support Center Could Enable File Deletion
Time: 00:11 EST/05:11 GMT | News Source: Microsoft TechNet Security | Posted By: Matthew Sabean

Help and Support Center provides a centralized facility through which users can obtain assistance on a variety of topics. For instance, it provides product documentation, assistance in determining hardware compatibility, access to Windows Update, online help from Microsoft, and other assistance.

A security vulnerability is present in the Windows XP version of Help and Support Center, and results because a file intended only for use by the system is instead available for use by any web page. The purpose of the file is to enable anonymous upload of hardware information, with the user’s permission, so that Microsoft can evaluate which devices users are not currently finding device drivers for. This information is then used to work with hardware vendors and device teams to improve the quality and quantity of drivers available in Windows. By design, after attempting to upload an XML file containing the hardware information, the system deletes it.

An attacker could exploit the vulnerability by constructing a web page that, when opened, would call the errant function and supply the name of an existing file or folder as the argument. The attempt to upload the file or folder would fail, but the file nevertheless would be deleted. The page could be hosted on a web site in order to attack users visiting the site, or could be sent as an HTML mail in order to attack the recipient when it was opened.

Download locations for this patch:

Write Comment
Return to News

  Displaying 426 through 429 of 429
Prev | First
  The time now is 7:10:50 AM ET.
Any comment problems? E-mail us
#426 By 4240821 (23.230.77.30) at 1/25/2025 1:49:30 AM
https://justpaste.me/XoBw2
https://justpaste.me/XPzs1
https://justpaste.me/Xyln3
https://justpaste.me/XnXd1
https://justpaste.me/XaSz
https://justpaste.me/XaU5
https://justpaste.me/XtJS1
https://justpaste.me/XfvH4
https://justpaste.me/XuPu
https://justpaste.me/Xgv9

#427 By 4240821 (176.100.131.189) at 1/27/2025 2:34:32 PM
https://justpaste.me/XfwZ1
https://justpaste.me/Xdbm2
https://justpaste.me/Xf5T
https://justpaste.me/XiDY2
https://justpaste.me/XurR
https://justpaste.me/XfuH5
https://justpaste.me/Y0nD1
https://justpaste.me/Xcfb1
https://justpaste.me/XftH2
https://justpaste.me/XgMC2

#428 By 4240821 (142.111.253.203) at 1/28/2025 4:51:38 PM
https://justpaste.me/Xrbw
https://justpaste.me/XPm7
https://justpaste.me/XuA1
https://justpaste.me/Xmyr2
https://justpaste.me/XjOP3
https://justpaste.me/XWqf2
https://justpaste.me/XwVS
https://justpaste.me/XiNy2
https://justpaste.me/Y1bj5
https://justpaste.me/XeJA1

#429 By 4240821 (193.36.231.79) at 1/29/2025 9:45:21 PM
https://justpaste.me/Y2qI1
https://justpaste.me/XRd91
https://justpaste.me/Xuhm
https://justpaste.me/XrnI
https://justpaste.me/XOUX3
https://justpaste.me/Y2LS3
https://justpaste.me/Y0Qm1
https://justpaste.me/Xnv02
https://justpaste.me/Y2uV2
https://justpaste.me/XuJm1

Write Comment
Return to News
  Displaying 426 through 429 of 429
Prev | First
  The time now is 7:10:50 AM ET.
Any comment problems? E-mail us
User name and password:

 

  *  
  *   *