CVE-2002-0974

Help and Support Center for Windows XP - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0974. PoCs published by Shane Hird.

AI-analyzed exploit summary This exploit leverages the HCP protocol handler in Microsoft Internet Explorer on Windows XP to delete local files via an ActiveX control in the Help and Support Center. The attack is executed through a maliciously crafted link that bypasses security zone restrictions.

Description

Help and Support Center for Windows XP allows remote attackers to delete arbitrary files via a link to the hcp: protocol that accesses uplddrvinfo.htm.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Shane Hird · textremotewindows

https://www.exploit-db.com/exploits/21717

View Code ZIP pw:eip

This exploit leverages the HCP protocol handler in Microsoft Internet Explorer on Windows XP to delete local files via an ActiveX control in the Help and Support Center. The attack is executed through a maliciously crafted link that bypasses security zone restrictions.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer on Windows XP

No auth needed

Prerequisites: Victim must be using Microsoft Internet Explorer on Windows XP · Victim must click on a malicious link

MITRE ATT&CK