Windows XP 0-day flaw: remote code execution, exploit released!



It is possible to invoke winhlp32.exe from Internet Explorer 8, 7, 6 using VBScript. Passing a malicious .HLP file to winhlp32 could allow a remote attacker to run an arbitrary command. Additionally, there is a stack overflow vulnerability in winhlp32.exe.

To trigger the vulnerability some user interaction is needed: the victim has to press F1 when the MsgBox popup is displayed.

AFFECTED software: Windows XP SP3

NOT affected: Vista, Windows 7

This is a simple demo (Proof of Concept): http://isec.pl/poc-isec27/ :rofl:

==> yet another reason to upgrade to Vista/7 :rolleyes:

  On 27/02/2010 at 12:31, franzon said:

It is possible to invoke winhlp32.exe from Internet Explorer 8, 7, 6 using VBScript. Passing a malicious .HLP file to winhlp32 could allow a remote attacker to run an arbitrary command.

Additionally, there is a stack overflow vulnerability in winhlp32.exe.

AFFECTED software: Windows XP SP3

NOT affected: Vista, Windows 7

This is a simple demo (Proof of Concept) for WinXP vulnerability: http://isec.pl/poc-isec27/ :rofl:

==> yet another reason to upgrade to Vista/7 :rolleyes:

But what if I don't use Internet Explorer?

Setting the default internet security zone in IE to "High" will protect you from this exploit.

Also, there will undoubtedly be a patch for it, since Windows XP is in extended support until 2014.

  On 27/02/2010 at 12:31, franzon said:

It is possible to invoke winhlp32.exe from Internet Explorer 8, 7, 6 using VBScript. Passing a malicious .HLP file to winhlp32 could allow a remote attacker to run an arbitrary command. Additionally, there is a stack overflow vulnerability in winhlp32.exe.

To trigger the vulnerability some user interaction is needed: the victim has to press F1 when the MsgBox popup is displayed.

AFFECTED software: Windows XP SP3

NOT affected: Vista, Windows 7

This is a simple demo (Proof of Concept): http://isec.pl/poc-isec27/ :rofl:

==> yet another reason to upgrade to Vista/7 :rolleyes:

==> yet another reason NOT to use IE. ;)

As much as I love Windows Seven, I'll be glad when they fully purge IE from Windows completely.

  On 27/02/2010 at 12:37, carmatic said:

But what if I don't use Internet Explorer?

A lot of those who stick with XP (businesses) do, so it's an issue for them.

  On 27/02/2010 at 13:04, Madoshi said:

What if I never ever under any circumstance press F1 in a message dialog?

Dialogue box : "Your PC might be infected!!! Press F1 to begin a free web scan!"

  On 27/02/2010 at 13:37, Sadelwo said:

A lot of those who stick with XP (businesses) do, so it's an issue for them.

Dialogue box : "Your PC might be infected!!! Press F1 to begin a free web scan!"

Please, don't tell me that someone would actually comply!?

  On 27/02/2010 at 13:41, Buendia said:

Please, don't tell me that someone would actually comply!?

They all comply, I've never known an average user who has not complied.

  On 27/02/2010 at 13:37, Sadelwo said:

A lot of those who stick with XP (businesses) do, so it's an issue for them.

Many schools too.

  On 27/02/2010 at 13:37, Sadelwo said:
Dialogue box : "Your PC might be infected!!! Press F1 to begin a free web scan!"

I wouldn't, but I know plenty of people who would; fortunately I got them all to use Firefox or Chrome :)

  On 28/02/2010 at 06:24, Bioran23 said:

What's this? The 42,000th 0-day flaw?

Actually, there are probably only a handful of Zero-Day flaws. Most common exploits use patched flaws, but target users who never update. :no:

  On 01/03/2010 at 13:53, Mocosoft said:

This is not an XP flaw, it is an Internet Explorer flaw!! There's no reason for me to upgrade to Windows # as far as I have common sense and know how to use a PC properly.

Except improved speed, stability, security, sandboxing, improved new hardware support, better feature sets, streamlined integration with new technology (.NET, WPF, etc.), UI taking advantage of more of your hardware (D2D) and regular patching and upgrades coming from Microsoft...

*sigh* "NO REASON"

Still, this is a nasty bug for IE, but how has it gone this long without being detected? Or is it as bad as it seems? Am I misreading how simple it is to pull off?

  On 01/03/2010 at 13:53, Mocosoft said:

This is not an XP flaw, it is an Internet Explorer flaw!!

FALSE! :no:

The flaw is in Windows XP's Help Files subsystem (winhlp32).

winhlp32 is no longer present in Vista/7 (there's only a fake stub for backward compatibility) because the .HLP files are deprecated ==> yet another reason to upgrade to Vista/7

Speed improved? What? About 2 milliseconds faster? OMG! Hurry! Let's BUY IT. Security? What about the latest exploit affecting IE on 7 and Vista? Sandbox applications? To what? SharePoint? There are other apps that can do that on XP. Improved new hardware? Hm, let's say MS is not even responsible for the hardware support; that's the responsibility of the hardware developers/companies. That was the WinME failure. .NET still works on XP. WPF? Hm, "pretty" apps that use more hardware? More GPU use just to render my desktop to make it look "pretty". Nope. NO REASON for me to upgrade.

If you stopped using internet exploder then that would help a lot, and use something better, but XP still works well and why change something that works? Well, internet exploder needs to go.
