Windows XP 0-day flaw: remote code execution, exploit released!


It is possible to invoke winhlp32.exe from Internet Explorer 8, 7, 6 using VBScript. Passing a malicious .HLP file to winhlp32 could allow a remote attacker to run an arbitrary command. Additionally, there is a stack overflow vulnerability in winhlp32.exe.

To trigger the vulnerability, some user interaction is needed: the victim has to press F1 when the MsgBox popup is displayed.

AFFECTED software: Windows XP SP3

NOT affected: Vista, Windows 7

This is a simple demo (Proof of Concept): http://isec.pl/poc-isec27/ :rofl:

==> yet another reason to upgrade to Vista/7 :rolleyes:
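
A detection-side sketch of the behaviour described in the post above, added here as an example and not part of the original thread: it scans process-creation records for winhlp32.exe started with Internet Explorer somewhere in its parent chain. The record layout, the sample events and the "non-local path" triage heuristic are assumptions constructed for illustration, and PID reuse is not handled.

```python
import ntpath
import re

# Constructed sample records: (pid, parent pid, image path, command line).
EVENTS = [
    (400, 4, r"C:\WINDOWS\explorer.exe", r"C:\WINDOWS\explorer.exe"),
    (1200, 400, r"C:\Program Files\Internet Explorer\iexplore.exe",
     r'"C:\Program Files\Internet Explorer\iexplore.exe" http://intranet.example/'),
    (1316, 1200, r"C:\WINDOWS\winhlp32.exe",
     r"winhlp32.exe \\files.example\share\readme.hlp"),
    (1402, 400, r"C:\WINDOWS\winhlp32.exe",
     r"winhlp32.exe C:\WINDOWS\Help\notepad.hlp"),
    (1500, 1200, r"C:\WINDOWS\system32\notepad.exe", r"notepad.exe"),
]

def _name(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()

def find_help_launches(events, browser="iexplore.exe", helper="winhlp32.exe"):
    """Return winhlp32.exe launches that have the browser as an ancestor."""
    by_pid = {pid: (ppid, image) for pid, ppid, image, _ in events}
    findings = []
    for pid, ppid, image, cmdline in events:
        if _name(image) != helper:
            continue
        # Walk up the parent chain; stop at an unknown pid or a loop.
        seen, cur, from_browser = set(), ppid, False
        while cur in by_pid and cur not in seen:
            seen.add(cur)
            cur_ppid, cur_image = by_pid[cur]
            if _name(cur_image) == browser:
                from_browser = True
                break
            cur = cur_ppid
        if not from_browser:
            continue
        # First unquoted token ending in .hlp (paths with spaces are not parsed).
        m = re.search(r"(\S+\.hlp)\b", cmdline, re.IGNORECASE)
        help_file = m.group(1).strip('"') if m else None
        # Assumed triage heuristic: anything not on a drive letter is non-local.
        non_local = bool(help_file) and not re.match(r"^[A-Za-z]:\\", help_file)
        findings.append({"pid": pid, "help_file": help_file, "non_local": non_local})
    return findings

if __name__ == "__main__":
    for hit in find_help_launches(EVENTS):
        print(hit)
```
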

  On 27/02/2010 at 12:31, franzon said:

It is possible to invoke winhlp32.exe from Internet Explorer 8, 7, 6 using VBScript. Passing a malicious .HLP file to winhlp32 could allow a remote attacker to run an arbitrary command.

Additionally, there is a stack overflow vulnerability in winhlp32.exe.

AFFECTED software: Windows XP SP3

NOT affected: Vista, Windows 7

This is a simple demo (Proof of Concept) for WinXP vulnerability: http://isec.pl/poc-isec27/?? :rofl:

==> yet another reason to upgrade to Vista/7 :rolleyes:

But what if I don't use Internet Explorer?

Setting the default internet security zone in IE to "High" will protect you from this exploit.

Also, there will undoubtedly be a patch for it, since Windows XP is in extended support until 2014.

  On 27/02/2010 at 12:31, franzon said:

It is possible to invoke winhlp32.exe from Internet Explorer 8, 7, 6 using VBScript. Passing a malicious .HLP file to winhlp32 could allow a remote attacker to run an arbitrary command. Additionally, there is a stack overflow vulnerability in winhlp32.exe.

To trigger the vulnerability, some user interaction is needed: the victim has to press F1 when the MsgBox popup is displayed.

AFFECTED software: Windows XP SP3

NOT affected: Vista, Windows 7

This is a simple demo (Proof of Concept): http://isec.pl/poc-isec27/ :rofl:

==> yet another reason to upgrade to Vista/7 :rolleyes:

==> yet another reason NOT to use IE. ;)

As much as I love Windows Seven, I'll be glad when they fully purge IE from Windows completely.

  On 27/02/2010 at 12:37, carmatic said:

But what if I don't use Internet Explorer?

A lot of those who stick with XP (businesses) do, so it's an issue for them.

  On 27/02/2010 at 13:04, Madoshi said:

What if I never ever under any circumstance press F1 in a message dialog?

Dialogue box : "Your PC might be infected!!! Press F1 to begin a free web scan!"

  On 27/02/2010 at 13:37, Sadelwo said:

A lot of those who stick with XP (businesses) do, so it's an issue for them.

Dialogue box : "Your PC might be infected!!! Press F1 to begin a free web scan!"

Please, don't tell me that someone would actually comply!?

  On 27/02/2010 at 13:41, Buendia said:

Please, don't tell me that someone would actually comply!?

They all comply, I've never known an average user who has not complied.

  On 27/02/2010 at 13:37, Sadelwo said:

A lot of those who stick with XP (businesses) do, so it's an issue for them.

Many schools too.

  On 27/02/2010 at 13:37, Sadelwo said:

Dialogue box : "Your PC might be infected!!! Press F1 to begin a free web scan!"

I wouldn't, but I know plenty of people who would; fortunately I got them all to use Firefox or Chrome :)

  On 28/02/2010 at 06:24, Bioran23 said:

What's this? The 42,000th 0-day flaw?

Actually, there are probably only a handful of Zero-Day flaws. Most common exploits use patched flaws, but target users who never update. :no:

  On 01/03/2010 at 13:53, Mocosoft said:

This is not an XP flaw, it is an Internet Explorer flaw!! There's no reason for me to upgrade to Windows # as far as I have common sense and know how to use a PC properly.

Except improved speed, stability, security, sandboxing, improved new hardware support, better feature sets, streamlined integration with new technology (.NET, WPF, etc.), UI taking advantage of more of your hardware (D2D) and regular patching and upgrades coming from Microsoft...

*sigh* "NO REASON"

Still, this is a nasty bug for IE, but how has it gone this long without being detected? Or is it as bad as it seems? Am I misreading how simple it is to pull off?

  On 01/03/2010 at 13:53, Mocosoft said:

This is not an XP flaw, it is an Internet Explorer flaw!!

FALSE! :no:

The flaw is in Windows XP's Help Files subsystem (winhlp32).

winhlp32 is no longer present in Vista/7 (there's only a fake stub for backward compatibility) because the .HLP files are deprecated ==> yet another reason to upgrade to Vista/7

Speed improved? What? About 2 milliseconds faster? OMG! Hurry! Let's BUY IT. Security? What about the latest exploit affecting IE on 7 and Vista? Sandbox applications? To what? SharePoint? There are other apps that can do that on XP. Improved new hardware? Hm, let's say MS is not even responsible for the hardware support... that's the responsibility of the hardware developers/companies. That was the WinME failure. .NET still works on XP. WPF? Hm, "pretty" apps that use more hardware? More GPU usage just to render my desktop to make it look "pretty". Nope. NO REASON for me to upgrade.

If you stopped using Internet Exploder and used something better, that would help a lot, but XP still works well, and why change something that works? Well, Internet Exploder needs to go.

This topic is now closed to further replies.