Windows XP 0-day flaw: remote code execution, exploit released!


Recommended Posts

It is possible to invoke winhlp32.exe from Internet Explorer 8,7,6 using VBScript. Passing malicious .HLP file to winhlp32 could allow remote attacker to run arbitrary command. Additionally, there is a stack overflow vulnerability in winhlp32.exe.

To trigger vulnerability some user interaction is needed, victim has to press F1 when MsgBox popup is displayed.

AFFECTED software: Windows XP SP3

NOT affected: Vista, Windows 7

This is a simple demo (Proof of Concept): http://isec.pl/poc-isec27/ :rofl:

==> yet another reason to upgrade to Vista/7 :rolleyes:

  On 27/02/2010 at 12:31, franzon said:

It is possible to invoke winhlp32.exe from Internet Explorer 8,7,6 using VBScript. Passing malicious .HLP file to winhlp32 could allow remote attacker to run arbitrary command.

Additionally, there is a stack overflow vulnerability in winhlp32.exe.

AFFECTED software: Windows XP SP3

NOT affected: Vista, Windows 7

This is a simple demo (Proof of Concept) for WinXP vulnerability: http://isec.pl/poc-isec27/?? :rofl:

==> yet another reason to upgrade to Vista/7 :rolleyes:

but what if i dont use internet explorer?

Setting the default internet security zone in IE to "High" will protect you from this exploit.

Also, there will undoubtedly be a patch for it, since Windows XP is in extended support until 2014.

  On 27/02/2010 at 12:31, franzon said:

It is possible to invoke winhlp32.exe from Internet Explorer 8,7,6 using VBScript. Passing malicious .HLP file to winhlp32 could allow remote attacker to run arbitrary command. Additionally, there is a stack overflow vulnerability in winhlp32.exe.

To trigger vulnerability some user interaction is needed, victim has to press F1 when MsgBox popup is displayed.

AFFECTED software: Windows XP SP3

NOT affected: Vista, Windows 7

This is a simple demo (Proof of Concept): http://isec.pl/poc-isec27/ :rofl:

==> yet another reason to upgrade to Vista/7 :rolleyes:

==> yet another reason NOT to use IE. ;)

As much as I love Windows Seven, I'll be glad when they fully purge IE from Windows completely.

  On 27/02/2010 at 12:37, carmatic said:

but what if i dont use internet explorer?

Alot of those who stick with XP (businesses) do so its an issue for them.

  On 27/02/2010 at 13:04, Madoshi said:

what if i never ever under any circumstance press F1 in a message dialog?

Dialogue box : "Your PC might be infected!!! Press F1 to begin a free web scan!"

  On 27/02/2010 at 13:37, Sadelwo said:

Alot of those who stick with XP (businesses) do so its an issue for them.

Dialogue box : "Your PC might be infected!!! Press F1 to begin a free web scan!"

Please, don't tell me that someone would actually comply!?

  On 27/02/2010 at 13:41, Buendia said:

Please, don't tell me that someone would actually comply!?

They all comply, i've never known an average user who has not complied

  On 27/02/2010 at 13:37, Sadelwo said:

Alot of those who stick with XP (businesses) do so its an issue for them.

many schools too

  On 27/02/2010 at 13:37, Sadelwo said:
Dialogue box : "Your PC might be infected!!! Press F1 to begin a free web scan!"

i wouldn't, but i know plenty of people who would; fortunately i got them all to use Firefox or Chrome :)

  On 28/02/2010 at 06:24, Bioran23 said:

What's this? The 42,000th 0-day flaw?

Actually, there are probably only a handful of Zero-Day flaws. Most common exploits use patched flaws, but target users who never update. :no:

  On 01/03/2010 at 13:53, Mocosoft said:

This is not an XP flaw, is a Internet Explorer Flaw!!. Theres no reason for me to upgrade to Windows # as far as I have common sense and know how to use a PC properly.

except improved speed, stability, security, sand boxing, improved new hardware support, better feature sets, streamlined integration with new technology (.net, WPF, ectra) , UI taking advantage of more of your hardware (D2D) and regular patching and upgrades coming from microsoft...

*sigh* "NO REASON"

Still, this is a nasty bug for IE, but how has it gone this long without being detected? Or is it as bad as it seems? Am i misreading how simple it is to pull off?

  On 01/03/2010 at 13:53, Mocosoft said:

This is not an XP flaw, is a Internet Explorer Flaw!!.

FALSE! :no:

The flaw is in Windows XP's Help Files subsystem (winhlp32).

winhlp32 is no longer present in Vista/7 (there's only a fake stub for backward compatibility) because the .HLP files are deprecated ==> yet another reason to upgrade to Vista/7

Speed improved? What? about 2 miliseconds faster? OMG! Hurry! Let's BUY IT. Security?. What about the latest exploit affecting IE on 7 and vista?. Sandbox applications? To what? Sharepoint? There's other apps that can do that on XP. Improved new hardware? Hm, let's say MS is not even responsible about the hardware support.. thats responsibility of the hardware developers/companies. That was the WinME Failure. .NET still works on XP. WPF? HM, "pretty" apps that use more Hardware?. More gpu using for just render my desktop to make it look "pretty". Nop. NO REASON for me to upgrade.

if you stopped using internet exploder then that would help alot and use something better but xp still works well and why change something that works?well internet exploder needs to go.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Popular Now

  • Posts

    • I used to believe rhetoric too, then I met Vandana Shiva and learned of his true legacy on the continent.
    • Razer HyperFlux V2 Wireless charging mouse mat aims to revolutionise your gaming setup by Fiza Ali Razer has introduced the HyperFlux V2, a wireless charging system designed to power compatible gaming mice directly through a mouse mat. Unlike conventional solutions that rely on charging docks or cables, Razer says that the HyperFlux V2 mat incorporates a charging coil beneath its surface, allowing a mouse to draw power continuously while in use. The HyperFlux V2 is offered in two surface variants. The Hard Surface Edition features a "low-friction finish" intended to facilitate rapid cursor movements. It is intended for fast-paced competitive gaming scenarios in which swift tracking is prioritised. On the other hand, the Cloth Surface Edition features a textile weave that is said to provide additional resistance. Both editions include a rubberised underside which should prevent the mat from sliding during play. In terms of connectivity, the HyperFlux V2 employs an auto-pairing mechanism that links a mouse to the mat as it makes contact, eliminating the need for manual setup. The system also supports Razer’s HyperSpeed Multi-Device technology, allowing both a mouse and a keyboard to connect via the mat without requiring separate USB receivers. An LED indicator embedded in the mat displays battery status through colour changes, enabling users to monitor charge levels and avoid overcharging. This feature is intended to help preserve the battery lifespan of the mouse by allowing charging to halt once a preferred level is reached. The HyperFlux V2 mat supports wireless charging for several of Razer’s gaming mice, including the Basilisk V3 Pro 35K, the Basilisk V3 Pro, the Cobra Pro, and the Naga V2 Pro. In addition to mouse charging, the mat also facilitates multi-device connectivity for certain Razer keyboards, specifically, the BlackWidow V4 Mini HyperSpeed, the BlackWidow V3 Pro, the DeathStalker V2 Pro, and the DeathStalker V2 Pro Tenkeyless, although these keyboards are connected solely for data transmission and do not receive power from the mat. The HyperFlux V2 is now available, starting at $119.99. For more information, head over to the dedicated webpage here.
    • Indeed. It's almost like they didn't release the game half-baked and full of Day 0 bugs that needed to be patched...go figure.
    • YouTube has started limiting the bitrate of non-YouTube TV subscribers. But I would have thought that a corporate client would have gotten a pass on that...
  • Recent Achievements

    • Conversation Starter
      johnwin1 earned a badge
      Conversation Starter
    • One Month Later
      Marwin earned a badge
      One Month Later
    • One Year In
      fred8615 earned a badge
      One Year In
    • Week One Done
      Jim Dugan earned a badge
      Week One Done
    • Week One Done
      Adam Todd earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      214
    2. 2
      snowy owl
      156
    3. 3
      ATLien_0
      134
    4. 4
      Xenon
      126
    5. 5
      +FloatingFatMan
      116
  • Tell a friend

    Love Neowin? Tell a friend!