X
Tech
Home Tech Services & Software Operating Systems Windows

Malicious 'Error 404' message exploits Windows XP SP2

According to controversial security Web site K-otik, it may be possible to create a custom "Error 404" message to disguise an executable file as 'safe' HTML code.Error 404 messages are usually displayed when the browser cannot locate an Internet address.
Written by Munir Kotadia, Contributor
According to controversial security Web site K-otik, it may be possible to create a custom "Error 404" message to disguise an executable file as 'safe' HTML code.

Error 404 messages are usually displayed when the browser cannot locate an Internet address.

According to K-otik, which has published exploit codes to take advantage of the flaw, it is possible to craft a special error message that is able to bypass a security function in IE that was created to warn users before they download potentially harmful content.

The advisory on K-otik's Web site states that although there is some user interaction required to exploit the vulnerability, it may be possible to fool a user into downloading and executing a malicious file by using a simple social engineering technique.

According to the advisory, a malicious Web site could prompt all its visitors with a standard grey dialogue box welcoming a user to the site before allowing access to the site's content. If a user clicks on the welcome box they could unknowingly install a file that gives control of their computer to a third party.

"IE attempts to intercept risky code and prompts a security warning message but it seems to allow custom HTTP errors to filter through those security checks. It may be possible to execute the downloaded file by simply forcing the user to press the Enter key," the advisory said.

On November 15, security firm Finjan claimed it had discovered ten flaws in Windows XP SP2 that could allow attackers to "silently and remotely take over an SP2 machine when the user simply browses a Web page".

According to Finjan, hackers could bypass XP SP2's notification mechanism about downloading and execution of .exe, which could let them download files without warning the user.

The code published on K-otik's Web site seems to exploit the same flaw.

At the time, Microsoft said it was investigating Finjan's claims but tried to play down the severity of the flaws.

In a statement, a Microsoft spokesperson said: "Our early analysis indicates that Finjan's claims are potentially misleading and possibly erroneous regarding the breadth and severity of the alleged vulnerabilities in Windows XP SP2."

Microsoft was unable to comment on K-otik's advisory and could not confirm if both companies has stumbled across the same flaw.

Silicon.com's Jo Best contributed to this report.

Editorial standards
Show Comments

Related

The Apple Watch Ultra 2 with an Atlantic Blue Nomad Rugged Band.

6 reasons to buy an Apple Watch, according to a wearables expert

Linus Torvalds and Dirk Hohndel, Open Source Summit North America 2024

Linus Torvalds takes on evil developers, hardware errors and 'hilarious' AI hype

Placeholder product image alt text

The best AI image generators to try right now