cbcvebase.
CVE-2002-0974
published 2002-09-24

CVE-2002-0974: Help and Support Center for Windows XP allows remote attackers to delete arbitrary files via a link to the hcp: protocol that accesses uplddrvinfo.htm.

PriorityP430medium5CVSS 2.0
AVNACLAuNCNIPAN
EXPLOIT
EPSS
13.67%
96.0th percentile
Help and Support Center for Windows XP allows remote attackers to delete arbitrary files via a link to the hcp: protocol that accesses uplddrvinfo.htm.

Detection & IOCsextracted from sources · hover to see the quote

urlhcp://system/DFS/uplddrvinfo.htm?file://c:\windows\*
pathuplddrvinfo.htm
  • Monitor for use of the 'hcp:' URI scheme in browser requests, particularly those referencing uplddrvinfo.htm, as this is the attack vector for arbitrary file deletion.
  • Detect HCP URIs containing 'file://' parameters, which are used to pass filenames (including wildcards) to the vulnerable ActiveX control for file deletion.
  • Alert on invocation of uplddrvinfo.htm via the HCP protocol handler, which triggers a 'Get Help With Your Hardware Device' dialog; file deletion occurs when the user closes this window.
  • ·Normal file system permissions still apply; the attack cannot delete files the user does not have permission to delete, and sub-directories are not deleted.
  • ·Wildcards are supported in the file parameter, allowing bulk deletion of all files in a directory (e.g., C:\windows\*).
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.