Reported October 17, 2002, by Microsoft.

VERSION AFFECTED

  • Microsoft Windows XP

DESCRIPTION

A vulnerability in Windows XP lets an attacker remotely delete any file or folder on the vulnerable system. The flaw lies in XP's Help and Support Center, which makes available to any Web page a file that's intended for system use only. An attacker can exploit this problem by constructing a Web page that attacks visitors to the Web site or anyone who opens the page after receiving it as an email attachment.

VENDOR RESPONSE

The vendor, Microsoft, has released Security Bulletin MS02-060 (Flaw in Windows XP Help and Support Center Could Enable File Deletion) to address this vulnerability and recommends that affected users apply Windows XP Service Pack 1, which the bulletin mentions. A patch is also available for users who are unable to apply the service pack.

CREDIT

Discovered by Shane Hird of the Distributed Systems Technology Centre (DSTC).