MS02-060: Flaw in Windows XP Help and Support Center Could Enable File Deletion

Support for Windows XP has ended

Microsoft ended support for Windows XP on April 8, 2014. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

This article has been archived. It is offered "as is" and will no longer be updated.
Symptoms
The Windows XP Help and Support center includes a feature that runs when the Found New Hardware Wizard completes. This feature prompts you to send hardware profile information to Microsoft so that you can receive information about how to obtain the appropriate driver, or obtain support for the hardware that you installed. If you agree to send this data to Microsoft, Help and Support uses the Uplddrvinfo.htm file to send your hardware profile information to the Microsoft Driver Feedback server by using the Upload Manager service.

There is a security vulnerability in the JScript code in the Uplddrvinfo.htm file that might permit an attacker to delete files on your computer by using the hcp:// pluggable protocol to load the Uplddrvinfo.htm file.
Resolution

Download Information

Although this patch is included with Windows XP Service Pack 1 (SP1), Microsoft has made it available for individual download for your convenience. For additional information about Windows XP SP1, click the article number below to view the article in the Microsoft Knowledge Base:
322389 How to Obtain the Latest Windows XP Service Pack
The following files are available for download from the MicrosoftDownload Center:

Windows XP Home Edition and Windows XP Professional

Windows XP 64-Bit Edition

Release Date: October 16, 2002

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Installation Information

You must restart your computer after you apply this update. This update supports the following Setup switches:
  • /?: Display the list of installation switches.
  • /u: Unattended mode.
  • /f: Force other programs to quit when the computer shuts down.
  • /n: Do not back up files for removal.
  • /o: Overwrite OEM files without prompting.
  • /z: Do not restart when the installation is complete.
  • /q: Quiet mode (no user interaction).
  • /l: List installed hotfixes.
  • /x Extract the files without running Setup.
For example, to install the update without any user intervention and to not force the computer to restart, use the following command line:
q328940_wxp_sp1_x86_enu /u /q /z
WARNING: Your computer is vulnerable until you restart it.

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (also known as Universal Time Coordinate [UTC]). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Windows XP Home Edition and Windows XP Professional

   Date         Time   Version       Size     File name   -------------------------------------------------------   23-Sep-2002  22:03  5.1.2600.101  728,064  Helpctr.exe   23-Sep-2002  22:02  5.1.2600.101  696,832  Helpsvc.exe   23-Sep-2002  21:48                 27,774  Hscmui.cab   23-Sep-2002  22:02  5.1.2600.101    9,216  Hscupd.exe   23-Sep-2002  21:49                 70,111  Hscxpsp1.cab   23-Sep-2002  22:03  5.1.2600.101  145,408  Msconfig.exe   30-Sep-2002  16:25  5.1.2600.101   94,208  Pchshell.dll   30-Sep-2002  16:25  5.1.2600.101   33,280  Pchsvc.dll				
The Hscmui.cab file contains the following files:
   Date         Time   Size    File name   ---------------------------------------------------   19-Jul-2002  22:12  32,982  Dfs01.htm   25-Apr-2002  22:15   1,206  Dvdhtm01.js   17-Apr-2002  22:22  19,520  Hcpan_09.htm   17-Apr-2002  22:22  37,469  Hcspa_06.htm   13-Aug-2002  21:18   1,492  Package_description.xml				
The Hscxpsp1.cab file contains the following files:
   Date         Time   Size    File name   ----------------------------------------------------   12-Aug-2002  22:11   5,231  Common.js   17-Jul-2002  21:34  77,245  Cpt03.htm   01-Aug-2002  18:24  32,982  Dfs01.htm   01-Aug-2002  18:24   1,206  Dvdhtm01.js   01-Aug-2002  18:24  18,804  Hcerr_07.htm   01-Aug-2002  18:24  19,520  Hcpan_09.htm   01-Aug-2002  18:24   3,159  Hcscr_01.js   01-Aug-2002  18:24  37,469  Hcspa_06.htm   13-Aug-2002  20:35   2,368  Package_description.xml   01-Aug-2002  18:24     540  Raclientlayout.xml   01-Aug-2002  18:24     666  Rahelpeeacceptlayout.xml   01-Aug-2002  18:24     587  Raimlayout.xml   01-Aug-2002  18:24     569  Raura.xml   01-Aug-2002  18:24  16,097  Sihtm_03.htm   01-Aug-2002  18:24  14,129  Sihtm_04.js   01-Aug-2002  18:24  32,141  Sihtm_05.js   01-Aug-2002  18:24  25,050  Sihtm_06.htm   01-Aug-2002  18:24  27,910  Sihtm_06.js   01-Aug-2002  18:24   7,840  Sihtm_12.htm				

Windows XP 64-Bit Edition

   Date         Time   Version       Size       File name   ---------------------------------------------------------   23-Sep-2002  22:06  5.1.2600.101  2,429,440  Helpctr.exe   23-Sep-2002  22:05  5.1.2600.101  2,636,288  Helpsvc.exe   23-Sep-2002  21:48                   27,774  Hscmui.cab   23-Sep-2002  22:05  5.1.2600.101     22,016  Hscupd.exe   23-Sep-2002  21:49                   68,110  Hscxpsp1.cab   23-Sep-2002  22:06  5.1.2600.101    487,936  Msconfig.exe   30-Sep-2002  16:26  5.1.2600.101    340,480  Pchshell.dll   30-Sep-2002  16:26  5.1.2600.101    107,008  Pchsvc.dll				
The Hscmui.cab file contains the following files:
   Date         Time   Size    File name   ---------------------------------------------------   19-Jul-2002  22:12  32,982  Dfs01.htm   25-Apr-2002  22:15   1,206  Dvdhtm01.js   17-Apr-2002  22:22  19,520  Hcpan_09.htm   17-Apr-2002  22:22  37,469  Hcspa_06.htm   13-Aug-2002  21:18   1,492  Package_description.xml				
The Hscxpsp1.cab file contains the following files:
   Date         Time   Size    File name   ---------------------------------------------------   17-Jul-2002  21:34  77,245  Cpt03.htm   01-Aug-2002  18:24  32,982  Dfs01.htm   01-Aug-2002  18:24   1,206  Dvdhtm01.js   01-Aug-2002  18:24  18,804  Hcerr_07.htm   01-Aug-2002  18:24  19,520  Hcpan_09.htm   01-Aug-2002  18:24   3,159  Hcscr_01.js   01-Aug-2002  18:24  37,469  Hcspa_06.htm   13-Aug-2002  21:05   1,673  Package_description.xml   01-Aug-2002  18:24  16,097  Sihtm_03.htm   01-Aug-2002  18:24  14,129  Sihtm_04.js   01-Aug-2002  18:24  32,141  Sihtm_05.js   01-Aug-2002  18:24  25,050  Sihtm_06.htm   01-Aug-2002  18:24  27,910  Sihtm_06.js   01-Aug-2002  18:24   7,840  Sihtm_12.htm				
Status
Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows XP Service Pack 1 (SP1).
More information
For more information, visit the following Microsoft Web site:
security_patch
Properties

Article ID: 328940 - Last Review: 01/12/2015 20:51:40 - Revision: 4.0

Microsoft Windows XP Home Edition, Microsoft Windows XP Professional, Microsoft Windows XP Professional x64 Edition

  • kbnosurvey kbarchive kbbug kbfix kbqfe kbsecbulletin kbsecurity kbsecvulnerability kbwinxpsp1fix KB328940
Feedback