I searched and didn't find a reference to this; if it's posted already, I apologize.

This was reported back in June of '02 but the only Windows Update that patches the vulnerability is Service Pack 1.

Delete arbitrary files using Help and Support Center
MS Tracking ID: [MSRC 1198dg]
Date Reported: 25/06/02
Date Published: 15/08/02
Vendor: Microsoft
Impact: Delete files through CSS condition in Help Center
Resolution: To be fixed in XP SP1
Tested Applications: IE6 + all service packs (to date of publishing)
Windows XP + all patches (to date of publishing)
Help Center (HelpCtr.exe v5.1.2600.0)
File used: C:\windows\PCHEALTH\HELPCTR\SYSTEM\DFS
Possible Fixes: Service Pack 1, XPdite, manual deletion/renaming of file

It is possible to test your system for the vulnerability by entering into any address bar:
hcp://system/DFS/uplddrvinfo.htm?file://c:\test\*

I created a file in C called test and put in some useless files and found that this does in fact work. It does not delete the subdirectories, only the files in the directory specified. It is not limited to C: directories; subdirectories can be specified with the same results.


http://www.theregister.co.uk/content/4/27074.html
http://www.security.nnov.ru/search/d...asp?docid=3370
http://unity.skankhouse.org/helpcenter.htm
http://cert.uni-stuttgart.de/archive.../msg00224.html
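
A defender-side check for the link form quoted above, as an added example that is not part of the original post or the advisory: it scans HTML or mail content for `hcp://` links to `uplddrvinfo.htm` and reports the argument each one carries. The function names and the sample input are constructed for illustration, and the entity and percent-decoding steps are a precautionary normalisation on the scanner's side, not a statement about how Help Center parses the URL.

```python
import html
import re
from urllib.parse import unquote

# Any hcp:// URL up to the next quote, angle bracket or whitespace.
CANDIDATE = re.compile(r"hcp://[^\s\"'<>]+", re.IGNORECASE)
# The page named in the advisory; group 1 is whatever follows the '?'.
TARGET = re.compile(r"^hcp://system/DFS/uplddrvinfo\.htm\?(.*)$", re.IGNORECASE)


def decode_fully(text, max_rounds=3):
    """Undo up to max_rounds layers of percent-encoding (scanner-side assumption)."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def find_hcp_delete_links(content):
    """Return (line_number, argument) for each uplddrvinfo.htm hcp:// link."""
    hits = []
    for line_no, line in enumerate(content.splitlines(), 1):
        # Resolve HTML entities first so an entity-encoded link is still seen.
        for match in CANDIDATE.finditer(html.unescape(line)):
            target = TARGET.match(decode_fully(match.group(0)))
            if target:
                hits.append((line_no, target.group(1)))
    return hits


# Constructed sample page: two links in the advisory's form, one unrelated link.
SAMPLE = r'''<p>Driver upload help</p>
<a href="hcp://system/DFS/uplddrvinfo.htm?file://c:\test\*">help</a>
<iframe src="HCP://system/dfs/uplddrvinfo%2Ehtm?file://c:\test\*"></iframe>
<a href="hcp://system/example.htm">unrelated hcp link</a>
'''

if __name__ == "__main__":
    for line_no, argument in find_hcp_delete_links(SAMPLE):
        print(f"line {line_no}: uplddrvinfo.htm link with argument {argument}")
```
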