CVE-2002-0974
published 2002-09-24CVE-2002-0974: Help and Support Center for Windows XP allows remote attackers to delete arbitrary files via a link to the hcp: protocol that accesses uplddrvinfo.htm.
PriorityP430medium5CVSS 2.0
AVNACLAuNCNIPAN
EXPLOIT
EPSS
13.67%
96.0th percentile
Help and Support Center for Windows XP allows remote attackers to delete arbitrary files via a link to the hcp: protocol that accesses uplddrvinfo.htm.
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for use of the 'hcp:' URI scheme in browser requests, particularly those referencing uplddrvinfo.htm, as this is the attack vector for arbitrary file deletion. ↗
- →Detect HCP URIs containing 'file://' parameters, which are used to pass filenames (including wildcards) to the vulnerable ActiveX control for file deletion. ↗
- →Alert on invocation of uplddrvinfo.htm via the HCP protocol handler, which triggers a 'Get Help With Your Hardware Device' dialog; file deletion occurs when the user closes this window. ↗
- ·Normal file system permissions still apply; the attack cannot delete files the user does not have permission to delete, and sub-directories are not deleted. ↗
- ·Wildcards are supported in the file parameter, allowing bulk deletion of all files in a directory (e.g., C:\windows\*). ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=102942549832077&w=2http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ328940http://www.iss.net/security_center/static/9878.phphttp://www.osvdb.org/3001http://www.securityfocus.com/bid/5478https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-060http://marc.info/?l=bugtraq&m=102942549832077&w=2http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ328940http://www.iss.net/security_center/static/9878.phphttp://www.osvdb.org/3001http://www.securityfocus.com/bid/5478https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-060
2002-09-24
Published