header-logo
Suggest Exploit
vendor:
Windows XP
by:
SecurityFocus
7.2
CVSS
HIGH
Denial of Service
20
CWE
Product Name: Windows XP
Affected Version From: Windows XP
Affected Version To: Windows XP
Patch Exists: NO
Related CWE: N/A
CPE: o:microsoft:windows_xp
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

Microsoft Windows XP ‘.manifest’ File Denial of Service Vulnerability

Microsoft Windows XP fails to properly verify the XML code within a '.manifest' file. If XML code is modified, the associated application will not start, causing a denial of service. This issue could pose a more serious threat if the XML code associated with 'explorer.exe' is modified. If the 'explorer.exe.manifest' file is modified, then when the computer restarts, the system will hang and 'explorer.exe' will not load, causing a denial of service.

Mitigation:

Ensure that the '.manifest' files are not modified.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3942/info

To enable desktop skinning, Microsoft Windows XP uses '.manifest' files ('<filename>.exe.manifest'). This file contains XML code that tells Windows XP to use the XP controls.

Due to a flaw, Windows XP fails to properly verify the XML code within a '.manifest' file.

If XML code is modified, the associated application will not start, causing a denial of service.

This issue could pose a more serious threat if the XML code associated with 'explorer.exe' is modified. If the 'explorer.exe.manifest' file is modified, then when the computer restarts, the system will hang and 'explorer.exe' will not load, causing a denial of service.

Reportedly, the repair function will not resolve this issue. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21240.zip

Navigation

Suggest Exploit

Services By CQR