Windows XP 0-day flaw: remote code execution, exploit released!


Recommended Posts

It is possible to invoke winhlp32.exe from Internet Explorer 8,7,6 using VBScript. Passing malicious .HLP file to winhlp32 could allow remote attacker to run arbitrary command. Additionally, there is a stack overflow vulnerability in winhlp32.exe.

To trigger vulnerability some user interaction is needed, victim has to press F1 when MsgBox popup is displayed.

AFFECTED software: Windows XP SP3

NOT affected: Vista, Windows 7

This is a simple demo (Proof of Concept): http://isec.pl/poc-isec27/ :rofl:

==> yet another reason to upgrade to Vista/7 :rolleyes:

  On 27/02/2010 at 12:31, franzon said:

It is possible to invoke winhlp32.exe from Internet Explorer 8,7,6 using VBScript. Passing malicious .HLP file to winhlp32 could allow remote attacker to run arbitrary command.

Additionally, there is a stack overflow vulnerability in winhlp32.exe.

AFFECTED software: Windows XP SP3

NOT affected: Vista, Windows 7

This is a simple demo (Proof of Concept) for WinXP vulnerability: http://isec.pl/poc-isec27/?? :rofl:

==> yet another reason to upgrade to Vista/7 :rolleyes:

but what if i dont use internet explorer?

Setting the default internet security zone in IE to "High" will protect you from this exploit.

Also, there will undoubtedly be a patch for it, since Windows XP is in extended support until 2014.

  On 27/02/2010 at 12:31, franzon said:

It is possible to invoke winhlp32.exe from Internet Explorer 8,7,6 using VBScript. Passing malicious .HLP file to winhlp32 could allow remote attacker to run arbitrary command. Additionally, there is a stack overflow vulnerability in winhlp32.exe.

To trigger vulnerability some user interaction is needed, victim has to press F1 when MsgBox popup is displayed.

AFFECTED software: Windows XP SP3

NOT affected: Vista, Windows 7

This is a simple demo (Proof of Concept): http://isec.pl/poc-isec27/ :rofl:

==> yet another reason to upgrade to Vista/7 :rolleyes:

==> yet another reason NOT to use IE. ;)

As much as I love Windows Seven, I'll be glad when they fully purge IE from Windows completely.

  On 27/02/2010 at 12:37, carmatic said:

but what if i dont use internet explorer?

Alot of those who stick with XP (businesses) do so its an issue for them.

  On 27/02/2010 at 13:04, Madoshi said:

what if i never ever under any circumstance press F1 in a message dialog?

Dialogue box : "Your PC might be infected!!! Press F1 to begin a free web scan!"

  On 27/02/2010 at 13:37, Sadelwo said:

Alot of those who stick with XP (businesses) do so its an issue for them.

Dialogue box : "Your PC might be infected!!! Press F1 to begin a free web scan!"

Please, don't tell me that someone would actually comply!?

  On 27/02/2010 at 13:41, Buendia said:

Please, don't tell me that someone would actually comply!?

They all comply, i've never known an average user who has not complied

  On 27/02/2010 at 13:37, Sadelwo said:

Alot of those who stick with XP (businesses) do so its an issue for them.

many schools too

  On 27/02/2010 at 13:37, Sadelwo said:
Dialogue box : "Your PC might be infected!!! Press F1 to begin a free web scan!"

i wouldn't, but i know plenty of people who would; fortunately i got them all to use Firefox or Chrome :)

  On 28/02/2010 at 06:24, Bioran23 said:

What's this? The 42,000th 0-day flaw?

Actually, there are probably only a handful of Zero-Day flaws. Most common exploits use patched flaws, but target users who never update. :no:

  On 01/03/2010 at 13:53, Mocosoft said:

This is not an XP flaw, is a Internet Explorer Flaw!!. Theres no reason for me to upgrade to Windows # as far as I have common sense and know how to use a PC properly.

except improved speed, stability, security, sand boxing, improved new hardware support, better feature sets, streamlined integration with new technology (.net, WPF, ectra) , UI taking advantage of more of your hardware (D2D) and regular patching and upgrades coming from microsoft...

*sigh* "NO REASON"

Still, this is a nasty bug for IE, but how has it gone this long without being detected? Or is it as bad as it seems? Am i misreading how simple it is to pull off?

  On 01/03/2010 at 13:53, Mocosoft said:

This is not an XP flaw, is a Internet Explorer Flaw!!.

FALSE! :no:

The flaw is in Windows XP's Help Files subsystem (winhlp32).

winhlp32 is no longer present in Vista/7 (there's only a fake stub for backward compatibility) because the .HLP files are deprecated ==> yet another reason to upgrade to Vista/7

Speed improved? What? about 2 miliseconds faster? OMG! Hurry! Let's BUY IT. Security?. What about the latest exploit affecting IE on 7 and vista?. Sandbox applications? To what? Sharepoint? There's other apps that can do that on XP. Improved new hardware? Hm, let's say MS is not even responsible about the hardware support.. thats responsibility of the hardware developers/companies. That was the WinME Failure. .NET still works on XP. WPF? HM, "pretty" apps that use more Hardware?. More gpu using for just render my desktop to make it look "pretty". Nop. NO REASON for me to upgrade.

if you stopped using internet exploder then that would help alot and use something better but xp still works well and why change something that works?well internet exploder needs to go.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • WYSIWYG Web Builder 20.2.1 by Razvan Serea Web Buialder is a WYSIWYG (What-You-See-Is-What-You-Get) program used to create complete web sites. WYSIWYG means that the finished page will display exactly the way it was designed. The program generates HTML (HyperText Markup Language) tags while you point and click on desired functions; you can create a web page without learning HTML. Just drag and drop objects to the page position them "anywhere" you want and when youre finished publish it to your web server (using the build in Publish tool). Web Builder gives you full control over the content and layout of your web pages. One Web Builder project file can hold multiple web pages. Desktop publishing for the web, build web sites as easy as Drag & Drop "One Click Publishing" No FTP program needed. No special hosting required, use with any Hosting Service! Easily create forms using the built-in Form Wizard plus Form validation tools and built-in CAPTCHA. Advanced graphics tools like shapes, textart, rotation, shadows and many other image effects. Fully integrated jQuery UI (Accordion, Tabs etc), animations, effects and built-in ThemeRoller theme editor. Google compatible sitemap generator / PayPal eCommerce Tools Many navigation tools available: Navigation bars, tab menus, dropdown menus, sitetree, slidemenus. Built-in Slide Shows, Photo Galleries, Rollover images, Banners etc. Support for YouTube, Flash Video, Windows Media Player and many other video formats. Unique extension (add-on) system with already more than 250 extensions available! Create HTML5 / CSS3 websites today HTML5 document type (optimized HTML5 output). HTML5 audio/video and YouTube HTML5 support. HTML5 forms: native form validation, new input types and options, web storage. HTML5 canvas and svg support in shapes and other drawing tools. CSS3 @font-face. Use non web safe fonts in all modern browsers. CSS3 opacity, border radius, box shadow. CSS3 gradients. Add cool gradient effects using native CSS3 (no images). CSS3 navigation menu. Create awesome menus without using JavaScript or images. CSS3 animations and transitions. Including support for 2D and 3D transforms! Features for advanced users: Login Tools/Page Password Protection. Built-in Content Management System with many plug-ins (guestbook, faq, downloads, photo album etc). Add custom HTML code with the HTML tools. JavaScript Events: Show/hide objects (with animation), timers, move objects, change styles etc. Layers: Sticky layer, Docking layer, Floating layer, Modal layer, Anchored layer, Strechable layer and more! jQuery Theme Manager, create your own themes for the built-in jQuery UI widgets. Style Manager (global styling, H1, H2, H3 etc). Master Frames and Master Objects: reuse common element in your website. and much more! WYSIWYG Web Builder 20.2.1 changelog: Improved: Images in the properties of Photo Gallery, Photo Grid, Photo Collage and Slide Show can now be re-arrange using drag & drop. Improved: Default aspect ratio of HTML5 audio Fixed: Issue with list item icon offset in workspace. Fixed: 'Edit' button text in Login Admin cannot be changed. Fixed: Issue with Card max-width size calculation in breakpoints Fixed: Issue with (fixed) Layout Grid column height in breakpoints. Download: WYSIWYG Web Builder 64-bit | 30.1 MB (Shareware) Download: WYSIWYG Web Builder 32-bit | 28.0 MB Screenshot: >> Click here << Link: Home Page | Templates | Free extras/addons | Changelog Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Damn no doubt this is gonna be good, can't think of many franchises as consistent as RE (apart from 3 remake)
    • There are two version of qbittorrent 5.1.0 The normal version which I think is based of QT5 & the QT6 lt20 version. I'm currently using the QT6 LT20 version of 5.1.0 and it downloaded an ubuntu iso perfectly fine.
    • Are we forgetting the hardware degradation on 13th and 14th gen??
    • Cry more. The Ukrainians who had internet access because of Starlink were trash too, huh?
  • Recent Achievements

    • One Year In
      Vladimir Migunov earned a badge
      One Year In
    • One Month Later
      daelos earned a badge
      One Month Later
    • Week One Done
      daelos earned a badge
      Week One Done
    • Mentor
      Karlston went up a rank
      Mentor
    • One Month Later
      EdwardFranciscoVilla earned a badge
      One Month Later
  • Popular Contributors

    1. 1
      +primortal
      494
    2. 2
      snowy owl
      252
    3. 3
      +FloatingFatMan
      250
    4. 4
      ATLien_0
      225
    5. 5
      +Edouard
      181
  • Tell a friend

    Love Neowin? Tell a friend!