MS02-060: Flaw in Windows XP Help and Support Center Could Enable File Deletion

Traduzione articoli Traduzione articoli
Identificativo articolo: 328940 - Visualizza i prodotti a cui si riferisce l?articolo.
Espandi tutto | Chiudi tutto

In questa pagina

Sintomi

The Windows XP Help and Support center includes a feature that runs when the Found New Hardware Wizard completes. This feature prompts you to send hardware profile information to Microsoft so that you can receive information about how to obtain the appropriate driver, or obtain support for the hardware that you installed. If you agree to send this data to Microsoft, Help and Support uses the Uplddrvinfo.htm file to send your hardware profile information to the Microsoft Driver Feedback server by using the Upload Manager service.

There is a security vulnerability in the JScript code in the Uplddrvinfo.htm file that might permit an attacker to delete files on your computer by using the hcp:// pluggable protocol to load the Uplddrvinfo.htm file.

Risoluzione

Download Information

Although this patch is included with Windows XP Service Pack 1 (SP1), Microsoft has made it available for individual download for your convenience. For additional information about Windows XP SP1, click the article number below to view the article in the Microsoft Knowledge Base:
322389 How to Obtain the Latest Windows XP Service Pack
The following files are available for download from the Microsoft Download Center:

Windows XP Home Edition and Windows XP Professional

English (US):
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

Arabic:
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

Chinese (Simplified):
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

Chinese (Traditional):
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

Czech:
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

Danish:
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

Dutch:
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

Finnish:
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

French:
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

German:
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

Greek:
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

Hebrew:
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

Hungarian:
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

Italian:
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

Japanese:
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

Korean:
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

Norwegian:
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

Portuguese:
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

Portuguese (Brazil):
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

Russian:
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

Spanish:
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

Swedish:
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

Turkish:
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

Windows XP 64-Bit Edition

English (US):
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

French:
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

German:
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now

Japanese:
Riduci l'immagineEspandi l'immagine
Download
Download the Q328940 package now
Release Date: October 16, 2002

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Installation Information

You must restart your computer after you apply this update. This update supports the following Setup switches:
  • /?: Display the list of installation switches.
  • /u: Unattended mode.
  • /f: Force other programs to quit when the computer shuts down.
  • /n: Do not back up files for removal.
  • /o: Overwrite OEM files without prompting.
  • /z: Do not restart when the installation is complete.
  • /q: Quiet mode (no user interaction).
  • /l: List installed hotfixes.
  • /x Extract the files without running Setup.
For example, to install the update without any user intervention and to not force the computer to restart, use the following command line:
q328940_wxp_sp1_x86_enu /u /q /z
WARNING: Your computer is vulnerable until you restart it.

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (also known as Universal Time Coordinate [UTC]). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Windows XP Home Edition and Windows XP Professional

   Date         Time   Version       Size     File name
   -------------------------------------------------------
   23-Sep-2002  22:03  5.1.2600.101  728,064  Helpctr.exe
   23-Sep-2002  22:02  5.1.2600.101  696,832  Helpsvc.exe
   23-Sep-2002  21:48                 27,774  Hscmui.cab
   23-Sep-2002  22:02  5.1.2600.101    9,216  Hscupd.exe
   23-Sep-2002  21:49                 70,111  Hscxpsp1.cab
   23-Sep-2002  22:03  5.1.2600.101  145,408  Msconfig.exe
   30-Sep-2002  16:25  5.1.2600.101   94,208  Pchshell.dll
   30-Sep-2002  16:25  5.1.2600.101   33,280  Pchsvc.dll
				
The Hscmui.cab file contains the following files:
   Date         Time   Size    File name
   ---------------------------------------------------
   19-Jul-2002  22:12  32,982  Dfs01.htm
   25-Apr-2002  22:15   1,206  Dvdhtm01.js
   17-Apr-2002  22:22  19,520  Hcpan_09.htm
   17-Apr-2002  22:22  37,469  Hcspa_06.htm
   13-Aug-2002  21:18   1,492  Package_description.xml
				
The Hscxpsp1.cab file contains the following files:
   Date         Time   Size    File name
   ----------------------------------------------------
   12-Aug-2002  22:11   5,231  Common.js
   17-Jul-2002  21:34  77,245  Cpt03.htm
   01-Aug-2002  18:24  32,982  Dfs01.htm
   01-Aug-2002  18:24   1,206  Dvdhtm01.js
   01-Aug-2002  18:24  18,804  Hcerr_07.htm
   01-Aug-2002  18:24  19,520  Hcpan_09.htm
   01-Aug-2002  18:24   3,159  Hcscr_01.js
   01-Aug-2002  18:24  37,469  Hcspa_06.htm
   13-Aug-2002  20:35   2,368  Package_description.xml
   01-Aug-2002  18:24     540  Raclientlayout.xml
   01-Aug-2002  18:24     666  Rahelpeeacceptlayout.xml
   01-Aug-2002  18:24     587  Raimlayout.xml
   01-Aug-2002  18:24     569  Raura.xml
   01-Aug-2002  18:24  16,097  Sihtm_03.htm
   01-Aug-2002  18:24  14,129  Sihtm_04.js
   01-Aug-2002  18:24  32,141  Sihtm_05.js
   01-Aug-2002  18:24  25,050  Sihtm_06.htm
   01-Aug-2002  18:24  27,910  Sihtm_06.js
   01-Aug-2002  18:24   7,840  Sihtm_12.htm
				

Windows XP 64-Bit Edition

   Date         Time   Version       Size       File name
   ---------------------------------------------------------
   23-Sep-2002  22:06  5.1.2600.101  2,429,440  Helpctr.exe
   23-Sep-2002  22:05  5.1.2600.101  2,636,288  Helpsvc.exe
   23-Sep-2002  21:48                   27,774  Hscmui.cab
   23-Sep-2002  22:05  5.1.2600.101     22,016  Hscupd.exe
   23-Sep-2002  21:49                   68,110  Hscxpsp1.cab
   23-Sep-2002  22:06  5.1.2600.101    487,936  Msconfig.exe
   30-Sep-2002  16:26  5.1.2600.101    340,480  Pchshell.dll
   30-Sep-2002  16:26  5.1.2600.101    107,008  Pchsvc.dll
				
The Hscmui.cab file contains the following files:
   Date         Time   Size    File name
   ---------------------------------------------------
   19-Jul-2002  22:12  32,982  Dfs01.htm
   25-Apr-2002  22:15   1,206  Dvdhtm01.js
   17-Apr-2002  22:22  19,520  Hcpan_09.htm
   17-Apr-2002  22:22  37,469  Hcspa_06.htm
   13-Aug-2002  21:18   1,492  Package_description.xml
				
The Hscxpsp1.cab file contains the following files:
   Date         Time   Size    File name
   ---------------------------------------------------
   17-Jul-2002  21:34  77,245  Cpt03.htm
   01-Aug-2002  18:24  32,982  Dfs01.htm
   01-Aug-2002  18:24   1,206  Dvdhtm01.js
   01-Aug-2002  18:24  18,804  Hcerr_07.htm
   01-Aug-2002  18:24  19,520  Hcpan_09.htm
   01-Aug-2002  18:24   3,159  Hcscr_01.js
   01-Aug-2002  18:24  37,469  Hcspa_06.htm
   13-Aug-2002  21:05   1,673  Package_description.xml
   01-Aug-2002  18:24  16,097  Sihtm_03.htm
   01-Aug-2002  18:24  14,129  Sihtm_04.js
   01-Aug-2002  18:24  32,141  Sihtm_05.js
   01-Aug-2002  18:24  25,050  Sihtm_06.htm
   01-Aug-2002  18:24  27,910  Sihtm_06.js
   01-Aug-2002  18:24   7,840  Sihtm_12.htm
				

Status

Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows XP Service Pack 1 (SP1).

Informazioni

For more information, visit the following Microsoft Web sites:
http://www.microsoft.com/technet/security/bulletin/MS02-060.asp

http://www.microsoft.com/Technet/security/topics/HCP1.asp

Proprietà

Identificativo articolo: 328940 - Ultima modifica: sabato 1 dicembre 2007 - Revisione: 2.1
Le informazioni in questo articolo si applicano a
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Professional x64 Edition
Chiavi: 
kbbug kbfix kbsecvulnerability kbqfe kbsecurity kbsecbulletin kbwinxpsp1fix KB328940
LE INFORMAZIONI CONTENUTE NELLA MICROSOFT KNOWLEDGE BASE SONO FORNITE SENZA GARANZIA DI ALCUN TIPO, IMPLICITA OD ESPLICITA, COMPRESA QUELLA RIGUARDO ALLA COMMERCIALIZZAZIONE E/O COMPATIBILITA' IN IMPIEGHI PARTICOLARI. L'UTENTE SI ASSUME L'INTERA RESPONSABILITA' PER L'UTILIZZO DI QUESTE INFORMAZIONI. IN NESSUN CASO MICROSOFT CORPORATION E I SUOI FORNITORI SI RENDONO RESPONSABILI PER DANNI DIRETTI, INDIRETTI O ACCIDENTALI CHE POSSANO PROVOCARE PERDITA DI DENARO O DI DATI, ANCHE SE MICROSOFT O I SUOI FORNITORI FOSSERO STATI AVVISATI. IL DOCUMENTO PUO' ESSERE COPIATO E DISTRIBUITO ALLE SEGUENTI CONDIZIONI: 1) IL TESTO DEVE ESSERE COPIATO INTEGRALMENTE E TUTTE LE PAGINE DEVONO ESSERE INCLUSE. 2) I PROGRAMMI SE PRESENTI, DEVONO ESSERE COPIATI SENZA MODIFICHE, 3) IL DOCUMENTO DEVE ESSERE DISTRIBUITO INTERAMENTE IN OGNI SUA PARTE. 4) IL DOCUMENTO NON PUO' ESSERE DISTRIBUITO A SCOPO DI LUCRO.

Invia suggerimenti

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com