Is there a fix for the xp logoff vulnerability?

March 16th, 2002

I'm sure you all remember the vulnerability in Windows XP where a script can logoff the user in windows XP. Is there any patch or at least a knowledge base article for this. Viewing the script, I think you could run any file on xp if you knew the extension.

I'm posting my preview page. Don't go to the following link. It will only log you off of Windows XP if Active Scripting is enabled or you allow the script to run. Turn off active scripting now and go to the page so you can view the source. Can any known file be executed?

click at your own risk --> XP Logoff Vulnerability Sample

March 17th, 2002

I don't think there is, and for posterity's sake, I would suggest, if you feel the need to post yet another demo site, just type the address rather than make the url a link...some people are just click-happy, and granted it's their fault for being so, but still...
/Lactic

March 17th, 2002

HEY DON'T DO THAT!!!

...

That trick works on Win2kADS too...

**Qumahlin** · March 17th, 2002

actually that trick works on any NT version of windows with active scripting enabled, thats why I have norton and IE set to ask before running any scripts, saves you the hassle of having to go through stuff like that :P

March 17th, 2002

I think MS are finding this one hard to fix, been out for a while now

Heres the easiest way to Prevent

http://www.xp-erience.org/forum/show...&threadid=6353

March 18th, 2002

its not just logoff, it can launch any program INCLUDING DELTREE

Microsoft have known about it for MONTHS

I can't believe there is no fix. This proves MS do not give a damn about security.

**Qumahlin** · March 19th, 2002

before it launches deltree or such you have to confirm it. or else you'd see so many viruses with this type of exploit it would be out of control :P, just turn off active scripting, you most likely don't need it, or set it to ask before running.

March 19th, 2002

before it launches deltree or such you have to confirm it.

Not with default settigns.

**Lonman** · March 19th, 2002

My XP must be broke... I can never get that vulnerability to (ahem) 'work' for me (it doesn't log me off).

**Shamus MacNoob** · March 25th, 2002

I turned off the active scripting thats fine but for some reason NAV2002 did not see that and I would get logged off .....and yes the block scripts is on in NAV ..... wonder what the hell thats all about ...........anyways for now the active scripting is off but worries me NAV let that pass

**Lonman** · March 25th, 2002

I just figured out why I don't get logged off... I have XP install on my D: partition... the script is written to target the C: partition/drive. So there's one workaround for you.

**Shamus MacNoob** · March 26th, 2002

Thats cool ........ but dont you think NAV2002 should be able to stop it ???

**Qumahlin** · March 26th, 2002

NAV isn't stopping it because it isn't listed as a malicious script. it's passing a command to log off, which doesn't cause any damage unless you were writing a report or something..and even then if you have a newer version of word or whatnot it would be autosaved...so NAV lets it pass =/

**Shamus MacNoob** · March 26th, 2002

Yes looking back at that you are 100% right Q just sucks is all LOLOLOLOL oh well maybe microscrap will figure something out eh .........

March 26th, 2002

I know know that Trend Micros sees it. Well, it least it saw it when I did the free online scan. Didn't delete the page though, since I want it. I'll bet PC-Cillin stops it.

March 16th, 2002	Top \| #1
Powerchordpunk Unregistered Posts: n/a	Is there a fix for the xp logoff vulnerability? I'm sure you all remember the vulnerability in Windows XP where a script can logoff the user in windows XP. Is there any patch or at least a knowledge base article for this. Viewing the script, I think you could run any file on xp if you knew the extension. I'm posting my preview page. Don't go to the following link. It will only log you off of Windows XP if Active Scripting is enabled or you allow the script to run. Turn off active scripting now and go to the page so you can view the source. Can any known file be executed? click at your own risk --> XP Logoff Vulnerability Sample

March 25th, 2002	Top \| #10
Shamus MacNoob OSNN Veteran Addict Joined: January 2002 Location: Brossard,Quebec Posts: 4,199 Blog Entries: 1 Reputation: 1481 Power: 182	I turned off the active scripting thats fine but for some reason NAV2002 did not see that and I would get logged off .....and yes the block scripts is on in NAV ..... wonder what the hell thats all about ...........anyways for now the active scripting is off but worries me NAV let that pass ASUS PN5-E SLI,Intel E8400,2 x 8800GTX 768mb SLI,ASUS VW266H 26 inch LCD, 8 GB Crucial Ballistix Tracer, Silverstone Strider 850watt PSU.Windows 7 Ultimate 64bit.

March 26th, 2002	Top \| #12
Shamus MacNoob OSNN Veteran Addict Joined: January 2002 Location: Brossard,Quebec Posts: 4,199 Blog Entries: 1 Reputation: 1481 Power: 182	Thats cool ........ but dont you think NAV2002 should be able to stop it ??? ASUS PN5-E SLI,Intel E8400,2 x 8800GTX 768mb SLI,ASUS VW266H 26 inch LCD, 8 GB Crucial Ballistix Tracer, Silverstone Strider 850watt PSU.Windows 7 Ultimate 64bit.

March 26th, 2002	Top \| #14
Shamus MacNoob OSNN Veteran Addict Joined: January 2002 Location: Brossard,Quebec Posts: 4,199 Blog Entries: 1 Reputation: 1481 Power: 182	Yes looking back at that you are 100% right Q just sucks is all LOLOLOLOL oh well maybe microscrap will figure something out eh ......... ASUS PN5-E SLI,Intel E8400,2 x 8800GTX 768mb SLI,ASUS VW266H 26 inch LCD, 8 GB Crucial Ballistix Tracer, Silverstone Strider 850watt PSU.Windows 7 Ultimate 64bit.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Logoff causing reboot!	Mainframeguy	Windows Desktop Systems	2	September 18th, 2004 3:17am
Login and Logoff sounds for XP	Blade195	Desktop Customisation	3	August 5th, 2004 10:43pm
Logoff script	CodeReliant	Windows Desktop Systems	2	February 12th, 2004 7:32am
XP Auto Logoff	Teddy	Windows Desktop Systems	1	May 24th, 2003 3:26pm
Pc Anywhere - Windows XP Logoff	Fhuising	Windows Desktop Systems	2	July 12th, 2002 10:58pm

Latest News Posts

Latest Forum Posts

Latest Member Blogs

March 17th, 2002	Top \| #2
Lactic.Acid Unregistered Posts: n/a	I don't think there is, and for posterity's sake, I would suggest, if you feel the need to post yet another demo site, just type the address rather than make the url a link...some people are just click-happy, and granted it's their fault for being so, but still... /Lactic

March 17th, 2002	Top \| #3
MiseryQ Unregistered Posts: n/a	HEY DON'T DO THAT!!! ... That trick works on Win2kADS too...

March 17th, 2002	Top \| #4
Qumahlin OSNN Veteran Addict Joined: December 2001 Posts: 2,006 Reputation: 0 Power: 148	actually that trick works on any NT version of windows with active scripting enabled, thats why I have norton and IE set to ask before running any scripts, saves you the hassle of having to go through stuff like that :P

March 17th, 2002	Top \| #5
max Unregistered Posts: n/a	I think MS are finding this one hard to fix, been out for a while now Heres the easiest way to Prevent http://www.xp-erience.org/forum/show...&threadid=6353

March 18th, 2002	Top \| #6
insaNity Unregistered Posts: n/a	its not just logoff, it can launch any program INCLUDING DELTREE Microsoft have known about it for MONTHS I can't believe there is no fix. This proves MS do not give a damn about security.

March 19th, 2002	Top \| #7
Qumahlin OSNN Veteran Addict Joined: December 2001 Posts: 2,006 Reputation: 0 Power: 148	before it launches deltree or such you have to confirm it. or else you'd see so many viruses with this type of exploit it would be out of control :P, just turn off active scripting, you most likely don't need it, or set it to ask before running.

March 19th, 2002	Top \| #8
insaNity Unregistered Posts: n/a	before it launches deltree or such you have to confirm it. Not with default settigns.

March 19th, 2002	Top \| #9
Lonman Bleh! Joined: December 2001 Posts: 2,642 Reputation: 60 Power: 154	My XP must be broke... I can never get that vulnerability to (ahem) 'work' for me (it doesn't log me off).

March 25th, 2002	Top \| #11
Lonman Bleh! Joined: December 2001 Posts: 2,642 Reputation: 60 Power: 154	I just figured out why I don't get logged off... I have XP install on my D: partition... the script is written to target the C: partition/drive. So there's one workaround for you.

March 26th, 2002	Top \| #13
Qumahlin OSNN Veteran Addict Joined: December 2001 Posts: 2,006 Reputation: 0 Power: 148	NAV isn't stopping it because it isn't listed as a malicious script. it's passing a command to log off, which doesn't cause any damage unless you were writing a report or something..and even then if you have a newer version of word or whatnot it would be autosaved...so NAV lets it pass =/

March 26th, 2002	Top \| #15
Powerchordpunk Unregistered Posts: n/a	I know know that Trend Micros sees it. Well, it least it saw it when I did the free online scan. Didn't delete the page though, since I want it. I'll bet PC-Cillin stops it.