Is there a fix for the xp logoff vulnerability?


Powerchordpunk

Guest
I'm sure you all remember the vulnerability in Windows XP where a script can log off the user. Is there any patch or at least a knowledge base article for this? Viewing the script, I think you could run any file on XP if you knew the extension.

I'm posting my preview page. Don't go to the following link. It will only log you off of Windows XP if Active Scripting is enabled or you allow the script to run. Turn off active scripting now and go to the page so you can view the source. Can any known file be executed?

click at your own risk --> XP Logoff Vulnerability Sample
 

Lactic.Acid

Guest
I don't think there is, and for posterity's sake, I would suggest, if you feel the need to post yet another demo site, just type the address rather than make the url a link...some people are just click-happy, and granted it's their fault for being so, but still...
/Lactic
 

MiseryQ

Guest
HEY DON'T DO THAT!!! 😀...

That trick works on Win2kADS too...
 

Qumahlin

OSNN Veteran Addict
Joined
6 Dec 2001
Messages
2,006
Actually that trick works on any NT version of Windows with active scripting enabled, that's why I have Norton and IE set to ask before running any scripts, saves you the hassle of having to go through stuff like that 😛
 

insaNity

Guest
It's not just logoff, it can launch any program INCLUDING DELTREE 😱

Microsoft have known about it for MONTHS

I can't believe there is no fix. This proves MS do not give a damn about security.
 

Qumahlin

OSNN Veteran Addict
Joined
6 Dec 2001
Messages
2,006
Before it launches deltree or such you have to confirm it, or else you'd see so many viruses with this type of exploit it would be out of control 😛. Just turn off active scripting, you most likely don't need it, or set it to ask before running.
 

Lonman

Bleh!
Joined
2 Dec 2001
Messages
2,642
My XP must be broke... I can never get that vulnerability to (ahem) 'work' for me (it doesn't log me off). 😛
 

Shamus MacNoob

OSNN Veteran Addict
Political Access
Joined
8 Jan 2002
Messages
4,199
I turned off the active scripting, that's fine, but for some reason NAV2002 did not see that and I would get logged off ... and yes, the block scripts is on in NAV ... wonder what the hell that's all about ... anyways for now the active scripting is off but worries me NAV let that pass
 

Lonman

Bleh!
Joined
2 Dec 2001
Messages
2,642
I just figured out why I don't get logged off... I have XP installed on my D: partition... the script is written to target the C: partition/drive. So there's one workaround for you. 😉
 

Shamus MacNoob

OSNN Veteran Addict
Political Access
Joined
8 Jan 2002
Messages
4,199
That's cool ... but don't you think NAV2002 should be able to stop it???
 

Qumahlin

OSNN Veteran Addict
Joined
6 Dec 2001
Messages
2,006
NAV isn't stopping it because it isn't listed as a malicious script. It's passing a command to log off, which doesn't cause any damage unless you were writing a report or something... and even then if you have a newer version of Word or whatnot it would be autosaved... so NAV lets it pass =/
 

Shamus MacNoob

OSNN Veteran Addict
Political Access
Joined
8 Jan 2002
Messages
4,199
Yes, looking back at that you are 100% right Q, just sucks is all LOLOLOLOL oh well, maybe microscrap will figure something out eh ...
 

Powerchordpunk

Guest
I now know that Trend Micro sees it. Well, at least it saw it when I did the free online scan. Didn't delete the page though, since I want it. I'll bet PC-Cillin stops it.
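
The workaround suggested in this thread (turn Active Scripting off, or set it to ask before running) is stored per Internet Explorer security zone as URL action 1400, where 0 = Enable, 1 = Prompt and 3 = Disable. The read-only PowerShell audit below is an added example, not code posted by anyone in the thread; the lookup order between policy, per-user and machine keys is an assumption, as is the availability of PowerShell on the machine being checked.

```powershell
# Added example (not from the thread): report the "Active scripting" action
# (URL action 1400) for each Internet Explorer security zone. Read-only.
$zones   = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
              3 = 'Internet';    4 = 'Restricted sites' }
$actions = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
$suffix  = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# Locations are checked in this order; the first one that defines 1400 is reported.
# Assumption: policy keys win over per-user settings, which win over machine defaults.
$roots = @(
    @{ Name = 'Machine policy';  Path = "HKLM:\Software\Policies\$suffix" }
    @{ Name = 'User policy';     Path = "HKCU:\Software\Policies\$suffix" }
    @{ Name = 'User setting';    Path = "HKCU:\Software\$suffix" }
    @{ Name = 'Machine default'; Path = "HKLM:\Software\$suffix" }
)

function Get-ActiveScriptingAction {
    param([int]$Zone)
    foreach ($root in $roots) {
        $key  = Join-Path $root.Path $Zone
        $item = Get-ItemProperty -Path $key -Name '1400' -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Source = $root.Name; Value = [int]$item.'1400' }
        }
    }
    return $null   # value not defined anywhere we looked
}

$report = foreach ($zone in ($zones.Keys | Sort-Object)) {
    $hit    = Get-ActiveScriptingAction -Zone $zone
    $action = 'Not set'
    $source = '-'
    if ($hit) {
        $source = $hit.Source
        $action = $actions[$hit.Value]
        if (-not $action) { $action = "Unknown ($($hit.Value))" }
    }
    [pscustomobject]@{
        Zone   = $zones[$zone]
        Action = $action
        Source = $source
        # Flag the untrusted zones where script runs without asking the user.
        Review = ($zone -ge 3 -and $null -ne $hit -and $hit.Value -eq 0)
    }
}
$report | Format-Table -AutoSize
```

A `Review` value of `True` on the Internet or Restricted sites row means pages in that zone can run script without a prompt, which is the condition the posters above recommend changing.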
 