Microsoft Windows XP - '.Manifest' Denial of Service

EDB-ID:

21240


Type:

dos


Platform:

Windows

Date:

2002-01-21


source: https://www.securityfocus.com/bid/3942/info

To enable desktop skinning, Microsoft Windows XP uses '.manifest' files ('<filename>.exe.manifest'). This file contains XML code that tells Windows XP to use the XP controls.

Due to a flaw, Windows XP fails to properly verify the XML code within a '.manifest' file.

If XML code is modified, the associated application will not start, causing a denial of service.

This issue could pose a more serious threat if the XML code associated with 'explorer.exe' is modified. If the 'explorer.exe.manifest' file is modified, then when the computer restarts, the system will hang and 'explorer.exe' will not load, causing a denial of service.

Reportedly, the repair function will not resolve this issue. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21240.zip