Microsoft Windows XP Help And Support Center Interface Spoofing Weakness
BID:9685
Info
Microsoft Windows XP Help And Support Center Interface Spoofing Weakness
| Bugtraq ID: | 9685 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 17 2004 12:00AM |
| Updated: | Feb 17 2004 12:00AM |
| Credit: | Discovery of this issue is credited to Bartosz Kwitkowski <[email protected]>. |
| Vulnerable: |
Microsoft Windows XP Professional SP1 Microsoft Windows XP Professional Microsoft Windows XP Home SP1 Microsoft Windows XP Home |
| Not Vulnerable: | |
Discussion
Microsoft Windows XP Help And Support Center Interface Spoofing Weakness
A weakness has been alleged in Microsoft Windows XP that could reportedly allow aspects of the Help and Support Center interface to be spoofed via a malicious link. By spoofing this interface, an attacker could potentially present misleading or hostile content to a user in a manner which may cause the user to trust it.
Symantec has not been able to reproduce this alleged weakness.
A weakness has been alleged in Microsoft Windows XP that could reportedly allow aspects of the Help and Support Center interface to be spoofed via a malicious link. By spoofing this interface, an attacker could potentially present misleading or hostile content to a user in a manner which may cause the user to trust it.
Symantec has not been able to reproduce this alleged weakness.
Exploit / POC
Microsoft Windows XP Help And Support Center Interface Spoofing Weakness
The following example was provided:
hcp://system/errors/Connection.htm?online_url=http://wb.pl/bartosz/hcp/screen2.jpg&topic_title=Windows Update&topic_intro=Please click below to check your system&offline_url=c:/
A screenshot of the spoofed interface is also available at the following location:
http://wb.pl/bartosz/hcp/screen3.jpg
The following example was provided:
hcp://system/errors/Connection.htm?online_url=http://wb.pl/bartosz/hcp/screen2.jpg&topic_title=Windows Update&topic_intro=Please click below to check your system&offline_url=c:/
A screenshot of the spoofed interface is also available at the following location:
http://wb.pl/bartosz/hcp/screen3.jpg
Solution / Fix
Microsoft Windows XP Help And Support Center Interface Spoofing Weakness
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Microsoft Windows XP Help And Support Center Interface Spoofing Weakness
References:
References:
- Microsoft Technet Security (Microsoft)