MS02-060: Flaw in Windows XP Help and Support Center Could Enable File Deletion

Article translations Article translations
Article ID: 328940 - View products that this article applies to.
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

On This Page

Symptoms

The Windows XP Help and Support center includes a feature that runs when the Found New Hardware Wizard completes. This feature prompts you to send hardware profile information to Microsoft so that you can receive information about how to obtain the appropriate driver, or obtain support for the hardware that you installed. If you agree to send this data to Microsoft, Help and Support uses the Uplddrvinfo.htm file to send your hardware profile information to the Microsoft Driver Feedback server by using the Upload Manager service.

There is a security vulnerability in the JScript code in the Uplddrvinfo.htm file that might permit an attacker to delete files on your computer by using the hcp:// pluggable protocol to load the Uplddrvinfo.htm file.

Resolution

Download Information

Although this patch is included with Windows XP Service Pack 1 (SP1), Microsoft has made it available for individual download for your convenience. For additional information about Windows XP SP1, click the article number below to view the article in the Microsoft Knowledge Base:
322389 How to Obtain the Latest Windows XP Service Pack
The following files are available for download from the Microsoft Download Center:

Windows XP Home Edition and Windows XP Professional

English (US):
Collapse this imageExpand this image
Download
Download the Q328940 package now

Arabic:
Collapse this imageExpand this image
Download
Download the Q328940 package now

Chinese (Simplified):
Collapse this imageExpand this image
Download
Download the Q328940 package now

Chinese (Traditional):
Collapse this imageExpand this image
Download
Download the Q328940 package now

Czech:
Collapse this imageExpand this image
Download
Download the Q328940 package now

Danish:
Collapse this imageExpand this image
Download
Download the Q328940 package now

Dutch:
Collapse this imageExpand this image
Download
Download the Q328940 package now

Finnish:
Collapse this imageExpand this image
Download
Download the Q328940 package now

French:
Collapse this imageExpand this image
Download
Download the Q328940 package now

German:
Collapse this imageExpand this image
Download
Download the Q328940 package now

Greek:
Collapse this imageExpand this image
Download
Download the Q328940 package now

Hebrew:
Collapse this imageExpand this image
Download
Download the Q328940 package now

Hungarian:
Collapse this imageExpand this image
Download
Download the Q328940 package now

Italian:
Collapse this imageExpand this image
Download
Download the Q328940 package now

Japanese:
Collapse this imageExpand this image
Download
Download the Q328940 package now

Korean:
Collapse this imageExpand this image
Download
Download the Q328940 package now

Norwegian:
Collapse this imageExpand this image
Download
Download the Q328940 package now

Portuguese:
Collapse this imageExpand this image
Download
Download the Q328940 package now

Portuguese (Brazil):
Collapse this imageExpand this image
Download
Download the Q328940 package now

Russian:
Collapse this imageExpand this image
Download
Download the Q328940 package now

Spanish:
Collapse this imageExpand this image
Download
Download the Q328940 package now

Swedish:
Collapse this imageExpand this image
Download
Download the Q328940 package now

Turkish:
Collapse this imageExpand this image
Download
Download the Q328940 package now

Windows XP 64-Bit Edition

English (US):
Collapse this imageExpand this image
Download
Download the Q328940 package now

French:
Collapse this imageExpand this image
Download
Download the Q328940 package now

German:
Collapse this imageExpand this image
Download
Download the Q328940 package now

Japanese:
Collapse this imageExpand this image
Download
Download the Q328940 package now
Release Date: October 16, 2002

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Installation Information

You must restart your computer after you apply this update. This update supports the following Setup switches:
  • /?: Display the list of installation switches.
  • /u: Unattended mode.
  • /f: Force other programs to quit when the computer shuts down.
  • /n: Do not back up files for removal.
  • /o: Overwrite OEM files without prompting.
  • /z: Do not restart when the installation is complete.
  • /q: Quiet mode (no user interaction).
  • /l: List installed hotfixes.
  • /x Extract the files without running Setup.
For example, to install the update without any user intervention and to not force the computer to restart, use the following command line:
q328940_wxp_sp1_x86_enu /u /q /z
WARNING: Your computer is vulnerable until you restart it.

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (also known as Universal Time Coordinate [UTC]). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Windows XP Home Edition and Windows XP Professional

   Date         Time   Version       Size     File name
   -------------------------------------------------------
   23-Sep-2002  22:03  5.1.2600.101  728,064  Helpctr.exe
   23-Sep-2002  22:02  5.1.2600.101  696,832  Helpsvc.exe
   23-Sep-2002  21:48                 27,774  Hscmui.cab
   23-Sep-2002  22:02  5.1.2600.101    9,216  Hscupd.exe
   23-Sep-2002  21:49                 70,111  Hscxpsp1.cab
   23-Sep-2002  22:03  5.1.2600.101  145,408  Msconfig.exe
   30-Sep-2002  16:25  5.1.2600.101   94,208  Pchshell.dll
   30-Sep-2002  16:25  5.1.2600.101   33,280  Pchsvc.dll
				
The Hscmui.cab file contains the following files:
   Date         Time   Size    File name
   ---------------------------------------------------
   19-Jul-2002  22:12  32,982  Dfs01.htm
   25-Apr-2002  22:15   1,206  Dvdhtm01.js
   17-Apr-2002  22:22  19,520  Hcpan_09.htm
   17-Apr-2002  22:22  37,469  Hcspa_06.htm
   13-Aug-2002  21:18   1,492  Package_description.xml
				
The Hscxpsp1.cab file contains the following files:
   Date         Time   Size    File name
   ----------------------------------------------------
   12-Aug-2002  22:11   5,231  Common.js
   17-Jul-2002  21:34  77,245  Cpt03.htm
   01-Aug-2002  18:24  32,982  Dfs01.htm
   01-Aug-2002  18:24   1,206  Dvdhtm01.js
   01-Aug-2002  18:24  18,804  Hcerr_07.htm
   01-Aug-2002  18:24  19,520  Hcpan_09.htm
   01-Aug-2002  18:24   3,159  Hcscr_01.js
   01-Aug-2002  18:24  37,469  Hcspa_06.htm
   13-Aug-2002  20:35   2,368  Package_description.xml
   01-Aug-2002  18:24     540  Raclientlayout.xml
   01-Aug-2002  18:24     666  Rahelpeeacceptlayout.xml
   01-Aug-2002  18:24     587  Raimlayout.xml
   01-Aug-2002  18:24     569  Raura.xml
   01-Aug-2002  18:24  16,097  Sihtm_03.htm
   01-Aug-2002  18:24  14,129  Sihtm_04.js
   01-Aug-2002  18:24  32,141  Sihtm_05.js
   01-Aug-2002  18:24  25,050  Sihtm_06.htm
   01-Aug-2002  18:24  27,910  Sihtm_06.js
   01-Aug-2002  18:24   7,840  Sihtm_12.htm
				

Windows XP 64-Bit Edition

   Date         Time   Version       Size       File name
   ---------------------------------------------------------
   23-Sep-2002  22:06  5.1.2600.101  2,429,440  Helpctr.exe
   23-Sep-2002  22:05  5.1.2600.101  2,636,288  Helpsvc.exe
   23-Sep-2002  21:48                   27,774  Hscmui.cab
   23-Sep-2002  22:05  5.1.2600.101     22,016  Hscupd.exe
   23-Sep-2002  21:49                   68,110  Hscxpsp1.cab
   23-Sep-2002  22:06  5.1.2600.101    487,936  Msconfig.exe
   30-Sep-2002  16:26  5.1.2600.101    340,480  Pchshell.dll
   30-Sep-2002  16:26  5.1.2600.101    107,008  Pchsvc.dll
				
The Hscmui.cab file contains the following files:
   Date         Time   Size    File name
   ---------------------------------------------------
   19-Jul-2002  22:12  32,982  Dfs01.htm
   25-Apr-2002  22:15   1,206  Dvdhtm01.js
   17-Apr-2002  22:22  19,520  Hcpan_09.htm
   17-Apr-2002  22:22  37,469  Hcspa_06.htm
   13-Aug-2002  21:18   1,492  Package_description.xml
				
The Hscxpsp1.cab file contains the following files:
   Date         Time   Size    File name
   ---------------------------------------------------
   17-Jul-2002  21:34  77,245  Cpt03.htm
   01-Aug-2002  18:24  32,982  Dfs01.htm
   01-Aug-2002  18:24   1,206  Dvdhtm01.js
   01-Aug-2002  18:24  18,804  Hcerr_07.htm
   01-Aug-2002  18:24  19,520  Hcpan_09.htm
   01-Aug-2002  18:24   3,159  Hcscr_01.js
   01-Aug-2002  18:24  37,469  Hcspa_06.htm
   13-Aug-2002  21:05   1,673  Package_description.xml
   01-Aug-2002  18:24  16,097  Sihtm_03.htm
   01-Aug-2002  18:24  14,129  Sihtm_04.js
   01-Aug-2002  18:24  32,141  Sihtm_05.js
   01-Aug-2002  18:24  25,050  Sihtm_06.htm
   01-Aug-2002  18:24  27,910  Sihtm_06.js
   01-Aug-2002  18:24   7,840  Sihtm_12.htm
				

Status

Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows XP Service Pack 1 (SP1).

More information

For more information, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/MS02-060.mspx

Properties

Article ID: 328940 - Last Review: December 25, 2014 - Revision: 4.0
Applies to
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Professional x64 Edition
Keywords: 
kbnosurvey kbarchive kbbug kbfix kbqfe kbsecbulletin kbsecurity kbsecvulnerability kbwinxpsp1fix KB328940

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com