Windows XP 0-day flaw: remote code execution, exploit released!



It is possible to invoke winhlp32.exe from Internet Explorer 8, 7, 6 using VBScript. Passing a malicious .HLP file to winhlp32 could allow a remote attacker to run an arbitrary command. Additionally, there is a stack overflow vulnerability in winhlp32.exe.

To trigger the vulnerability some user interaction is needed: the victim has to press F1 when the MsgBox popup is displayed.

AFFECTED software: Windows XP SP3

NOT affected: Vista, Windows 7

This is a simple demo (Proof of Concept): http://isec.pl/poc-isec27/ :rofl:

==> yet another reason to upgrade to Vista/7 :rolleyes:

  On 27/02/2010 at 12:31, franzon said:

It is possible to invoke winhlp32.exe from Internet Explorer 8, 7, 6 using VBScript. Passing a malicious .HLP file to winhlp32 could allow a remote attacker to run an arbitrary command.

Additionally, there is a stack overflow vulnerability in winhlp32.exe.

AFFECTED software: Windows XP SP3

NOT affected: Vista, Windows 7

This is a simple demo (Proof of Concept) for WinXP vulnerability: http://isec.pl/poc-isec27/ :rofl:

==> yet another reason to upgrade to Vista/7 :rolleyes:

But what if I don't use Internet Explorer?

Setting the default internet security zone in IE to "High" will protect you from this exploit.

Also, there will undoubtedly be a patch for it, since Windows XP is in extended support until 2014.

  On 27/02/2010 at 12:31, franzon said:

It is possible to invoke winhlp32.exe from Internet Explorer 8, 7, 6 using VBScript. Passing a malicious .HLP file to winhlp32 could allow a remote attacker to run an arbitrary command. Additionally, there is a stack overflow vulnerability in winhlp32.exe.

To trigger the vulnerability some user interaction is needed: the victim has to press F1 when the MsgBox popup is displayed.

AFFECTED software: Windows XP SP3

NOT affected: Vista, Windows 7

This is a simple demo (Proof of Concept): http://isec.pl/poc-isec27/ :rofl:

==> yet another reason to upgrade to Vista/7 :rolleyes:

==> yet another reason NOT to use IE. ;)

As much as I love Windows Seven, I'll be glad when they fully purge IE from Windows completely.

  On 27/02/2010 at 12:37, carmatic said:

But what if I don't use Internet Explorer?

A lot of those who stick with XP (businesses) do, so it's an issue for them.

  On 27/02/2010 at 13:04, Madoshi said:

What if I never ever under any circumstance press F1 in a message dialog?

Dialogue box : "Your PC might be infected!!! Press F1 to begin a free web scan!"

  On 27/02/2010 at 13:37, Sadelwo said:

A lot of those who stick with XP (businesses) do, so it's an issue for them.

Dialogue box : "Your PC might be infected!!! Press F1 to begin a free web scan!"

Please, don't tell me that someone would actually comply!?

  On 27/02/2010 at 13:41, Buendia said:

Please, don't tell me that someone would actually comply!?

They all comply, I've never known an average user who has not complied.

  On 27/02/2010 at 13:37, Sadelwo said:

A lot of those who stick with XP (businesses) do, so it's an issue for them.

Many schools too.

  On 27/02/2010 at 13:37, Sadelwo said:

Dialogue box : "Your PC might be infected!!! Press F1 to begin a free web scan!"

I wouldn't, but I know plenty of people who would; fortunately I got them all to use Firefox or Chrome :)

  On 28/02/2010 at 06:24, Bioran23 said:

What's this? The 42,000th 0-day flaw?

Actually, there are probably only a handful of Zero-Day flaws. Most common exploits use patched flaws, but target users who never update. :no:

  On 01/03/2010 at 13:53, Mocosoft said:

This is not an XP flaw, it's an Internet Explorer flaw!! There's no reason for me to upgrade to Windows # as long as I have common sense and know how to use a PC properly.

Except improved speed, stability, security, sandboxing, improved new hardware support, better feature sets, streamlined integration with new technology (.NET, WPF, etc.), UI taking advantage of more of your hardware (D2D) and regular patching and upgrades coming from Microsoft...

*sigh* "NO REASON"

Still, this is a nasty bug for IE, but how has it gone this long without being detected? Or is it as bad as it seems? Am I misreading how simple it is to pull off?

  On 01/03/2010 at 13:53, Mocosoft said:

This is not an XP flaw, it's an Internet Explorer flaw!!

FALSE! :no:

The flaw is in Windows XP's Help Files subsystem (winhlp32).

winhlp32 is no longer present in Vista/7 (there's only a fake stub for backward compatibility) because the .HLP files are deprecated ==> yet another reason to upgrade to Vista/7

Speed improved? What? About 2 milliseconds faster? OMG! Hurry! Let's BUY IT. Security? What about the latest exploit affecting IE on 7 and Vista? Sandbox applications? To what? SharePoint? There are other apps that can do that on XP. Improved new hardware? Hm, let's say MS is not even responsible for the hardware support; that's the responsibility of the hardware developers/companies. That was the WinME failure. .NET still works on XP. WPF? Hm, "pretty" apps that use more hardware? More GPU use just to render my desktop to make it look "pretty". Nope. NO REASON for me to upgrade.

If you stopped using Internet Exploder then that would help a lot, and use something better, but XP still works well and why change something that works? Well, Internet Exploder needs to go.
