Full Disclosure mailing list archives

XP security hole uplddrvinfo.htm


From: gobbles () hush com (gobbles () hush com)
Date: Tue, 10 Sep 2002 15:05:27 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Green is tasty color
even more tasty
administrator on phyve.com

Did you eat paint chips as a child?
-----Original Message-----
From: gobbles () hush com [mailto:gobbles () hush com]
Sent: Tuesday, September 10, 2002 4:23 PM
To: full-disclosure () lists netsys com
Cc: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] XP security hole uplddrvinfo.htm



fuck you 2.

mindless consultant rely on charlatan look dumb fuck
gibson suck nothing but shit covered dick
Paul Tinsley get gibson left over
must taste good
here is invoice
i look smart
hire again
mom is proud

You people amaze me.... you are too busy proving that each other suck to
just get the word out on exploits.  You should note that I never claimed
who discovered it, I honestly don't care.  I know personally I would
prefer if political agendas or conspiracy theories stay off the list.
Point is, systems are insecure, get the word out.  Pat on the back for
whoever did discover it...

So revised version of original message:
I haven't seen much if any coverage of a rather nasty exploit in Windows
XP that was discovered by what I believe was a human on earth.  If you
would like to keep your XP boxes from being vulnerable to this exploit
which happens to delete whatever a properly formed link requests, delete
%windir%\PCHEALTH\HELPCTR\System\DFS\uplddrvinfo.htm

Thank you to Thor for posting more accurate information in reply to my
message....
Shane Hird discovered it.
You can see his post here:

http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00224.html

And you can try a proof-of-concept here:

http://jscript.dk/2002/8/sec/xphelpdelete.html

And you can see all of the 20 publicly known unpatched vulnerabilities
in Internet Explorer here:

http://www.pivx.com/larholm/unpatched/

-----Original Message-----
From: gobbles () hush com [mailto:gobbles () hush com]
Sent: Tuesday, September 10, 2002 2:36 PM
Subject: Re: [Full-disclosure] XP security hole uplddrvinfo.htm



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Steve Gibson=FUD charlatan   www.grcsucks.com

Sorry if this has already been posted but I was made aware of a rather
ugly security hole in Windows XP.


FUD FUD FUD

This vulnerability allows the files contained in any specified directory
on your system to be deleted if you click on a specially formed URL.
This URL could appear anywhere: sent in malicious eMail, in a chat room,
in a newsgroup posting, on a malicious web page, or even executed when

Georgi Guninski discovered this long time ago.  Major vulnerability also
exist if user type format command wrong.

Gibson no skills not discover this.

your computer merely visits a malicious web page. It is likely to be
widely exploited soon.

Widely exploited soon?  Gibson planning something?

bullshit bullshit bullshit


This vulnerability is so dangerous that it would be irresponsible for me
to say more. Microsoft has known of this problem for months and

FUD FUD FUD bullshit bullshit bullshit.  Gibson is marketing.  General
terms high level bullshit mean more consultant dollars.

has,
inexplicably, done nothing before now. Although XP's Service Pack 1 is
not small (approx 30 MB for express installation or 140 MB for the
network install), and even though a much quicker and easier solution to
this problem exists, the only thing I can safely recommend (without
revealing too much) is to urge all XP users to somehow obtain and
install Service Pack 1 immediately. (If you have a slow Internet
connection, perhaps a friend can download the executable Service Pack
file and burn it onto a CD for you?)

More fud fud fud bullshit bullshit bullshit.  Problem fixed with hotfix
not sp1.  Gibson very dumb.

This problem does not affect any systems other than Windows XP. If you
have any friends or co-workers running Windows XP, please urge them to
update their systems too. Once the details of this vulnerability have
leaked through other channels I will provide additional information.

Gibson planning leak?  Tell friends that Gibson great security guy and
pay to consult.  bullshit bullshit bullshit FUD FUD FUD

there is an alternative. There's a file you can rename or delete to fix
the security hole. Here are the steps:

Perform a search for a file on your C drive called "uplddrvinfo.htm."
Once you've found the file, delete it or rename it. Doing so will not
hinder your ability to use Windows XP.

bullshit bullshit bullshit.

Does not fix problem.  Gibson is dumb.

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wlgEARECABgFAj1+RfMRHGdvYmJsZXNAaHVzaC5jb20ACgkQpmwDHEAx56siiwCgkCxM
SwzADNeDmHjVlFWgxDpK9yoAn3sN5Hqhxdyn9xOAFsdmtRYDN3Vd
=Ok0V
-----END PGP SIGNATURE-----




Get your free encrypted email at https://www.hushmail.com




-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wlgEARECABgFAj1+aQURHGdvYmJsZXNAaHVzaC5jb20ACgkQpmwDHEAx56tA2gCeI0xZ
TKAPHWgdvu7BcDjENEaZ3ToAoI/eO64ofr03i/2ZnSkK9GjHeYZU
=yN5Q
-----END PGP SIGNATURE-----



