The vulnerability occurs when a particular request (in the form of a command in the URL address box) is sent to the Win-XP Help Centre, which then runs a script to delete a file which is derived from the URL. The vulnerability has been posted on security sites.
Shane Hird, a research scientist at the Distributed Systems Technology Centre at the University of Queensland told ZDNet Australia he discovered the vulnerability near the end of June. "I was playing around and it looked a bit suspicious," he said. "I noticed it required a file name and then that file was deleted."
Although the vulnerability cannot be forced on a user because it requires someone to actively click on a hyperlink, it is considered dangerous because the casual user may mistake it for a normal link.
"It's high risk because it's so easy," said Hird. "Everyone just clicks on links, they don't really check where they go."
Hird contacted Microsoft, and they worked together to determine the scope of the vulnerability. Microsoft has fixed the vulnerability through its Windows XP Service Pack One (SP1). Microsoft revealed that when they checked neighbouring features and functions for similar vulnerabilities they found some, which are also fixed through the patch.
"When I went back and looked [at the code] a lot of files had been changed," said Hird. "There probably are a lot more serious problems there that I haven't had time to look at."
he didn't discover jack.
give credit to the underground where the exploit came from, not some univerity ****!