[原文]The Microsoft Wireless Zero Configuration system (WZCS) stores WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key in plaintext in memory of the explorer process, which allows attackers with access to process memory to steal the keys and access the network.
Microsoft Windows XP Wireless Zero Configuration Credential/Key Disclosure
Local Access Required,
Loss of Confidentiality
Microsoft Windows XP Home & Professional contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a local non-privileged user is allowed to retrieve configured wireless profiles using the "WZCQueryInterface()" API via the Wireless Zero Configuration service (wzcsapi.dll), which will disclose configured SSIDs, WEP keys, or the PMK (Pairwise Master Key) that is used for pre-shared key authentication in WPA (Wi-Fi Protected Access), resulting in a loss of confidentiality. Additionally, the explorer process stores the same information in plaintext offering an additional method to gain the information.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.