Full Disclosure mailing list archives

XP security hole uplddrvinfo.htm

From: lists.netsys.com () jscript dk (Thor Larholm)
Date: Tue, 10 Sep 2002 21:07:43 +0200

From: "Paul Tinsley" <Paul.Tinsley () phyve com>
Excerpt from Gibson Research (http://grc.com/default.htm)
Attention Windows XP Users

This vulnerability allows the files contained in any specified directory
on your system to be deleted if you click on a specially formed URL.


Credit due where credit is, Steve really should be crediting Shane Hird who
discovered this vulnerability.

You can see his post here:

http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00224.html

And you can try a proof-of-concept here:

http://jscript.dk/2002/8/sec/xphelpdelete.html

And you can see all of the 20 publicly known unpatched vulnerabilities in
Internet Explorer here:

http://www.pivx.com/larholm/unpatched/

Current thread:

XP security hole uplddrvinfo.htm Paul Tinsley (Sep 10)
- XP security hole uplddrvinfo.htm Thor Larholm (Sep 10)
- <Possible follow-ups>
- XP security hole uplddrvinfo.htm Paul Tinsley (Sep 10)
  - XP security hole uplddrvinfo.htm Georgi Guninski (Sep 10)
- XP security hole uplddrvinfo.htm gobbles () hush com (Sep 10)
- XP security hole uplddrvinfo.htm gobbles () hush com (Sep 10)