Australian researcher uncovers XP vulnerability

By James Pearce, ZDNet Australia
16 September 2002 04:10 PM
Tags: winxp, sp1, help desk, vulnerability, crc, patch, dstc, uoq
Unwary Windows XP users can have entire directories emptied of files simply by clicking on a hyperlink, according to an Australian security researcher.

The vulnerability occurs when a particular request (in the form of a command in the URL address box) is sent to the Win-XP Help Centre, which then runs a script to delete a file which is derived from the URL. The vulnerability has been posted on security sites.

Shane Hird, a research scientist at the Distributed Systems Technology Centre at the University of Queensland told ZDNet Australia he discovered the vulnerability near the end of June. "I was playing around and it looked a bit suspicious," he said. "I noticed it required a file name and then that file was deleted."

Although the vulnerability cannot be forced on a user because it requires someone to actively click on a hyperlink, it is considered dangerous because the casual user may mistake it for a normal link.

"It's high risk because it's so easy," said Hird. "Everyone just clicks on links, they don't really check where they go."

Hird contacted Microsoft, and they worked together to determine the scope of the vulnerability. Microsoft has fixed the vulnerability through its Windows XP Service Pack One (SP1). Microsoft revealed that when they checked neighbouring features and functions for similar vulnerabilities they found some, which are also fixed through the patch.

"When I went back and looked [at the code] a lot of files had been changed," said Hird. "There probably are a lot more serious problems there that I haven't had time to look at."

Advertisement

Talkback 3 comments

    he didn't discover jack. give ...Anonymous -- 17/09/02

    he didn't discover jack.

    give credit to the underground where the exploit came from, not some univerity ****!

    hear hear !~!!~ Underground supporter -- 18/09/02

    hear hear !~!!~

    I heard if you click on www.re ...Anonymous -- 20/09/02

    I heard if you click on www.redhat.com, www.suse.com, or www.mandrakelinux.com it makes all of Windows XP go away...

Add your opinion

Latest Videos

Sponsored content

Power Centre - Content from our premier sponsors

Blogs

  • Chris Duckett Get extensions going in Firefox, redux
    Previously on Null Pointer we looked at getting extensions working in Firefox betas, and that was great until the fine folks at Firefox changed their minds.
  • Array How reliable is IP telephony?
    Have you ever heard a weird kind of hissing, crackling or popping noise when calling someone on an IP telephony line? How rare is the phenomenon these days?
  • Array Forget the NBN, 100Mbps is already here
    Telstra and TransACT will shortly begin offering 100Mbps broadband to many customers. By moving early, the companies have not only raised the bar for Australia's broadband services, but thrown down a challenge to a government that now faces increased pressure to deliver the NBN as promised.
  • More blogs »

Tags

Back to top

Featured