SecurityTracker.com Archives - Microsoft Windows Shell Bugs in Processing '.lnk' Files and in Web View Preview Mode Lets Remote Users Execute Arbitrary Code

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us | Help |

SecurityTracker
Archives

Welcome to SecurityTracker!

Click to Sign Up

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Sign Up!

Category: OS (Microsoft) > Windows Shell

Vendors: Microsoft

Microsoft Windows Shell Bugs in Processing '.lnk' Files and in Web View Preview Mode Lets Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1015040

SecurityTracker URL: http://securitytracker.com/id?1015040

CVE Reference: CVE-2005-2117 , CVE-2005-2118 , CVE-2005-2122 (Links to External Site)

Updated: Jan 22 2008

Original Entry Date: Oct 11 2005

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Advisory: Microsoft Security Bulletin

Version(s): 2000 SP4, XP SP2, 2003 SP1; and prior service packs

Description: A vulnerability was reported in the Microsoft Windows Shell. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a shortcut file ('.lnk' file) with specially crafted properties such that when the file is loaded by the target user or when the properties are viewed by the target user, arbitrary code will be executed with the privileges of the target user.

A remote user can also create a specially crafted file containing certain HTML characters. When the file is previewed by the target user with the Web View feature in Windows Explorer, arbitrary code will be executed with the privileges of the target user.

The vendor credits Cesar Cerrudo of Argeniss and Brett Moore of security-assessment.com with reporting this vulnerability.

Impact: A remote user can cause arbitrary code to be executed on the target user's system with the privileges of the target user.

Solution: The vendor has issued the following fixes:

Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=1F063C4A-B0BF-49C6-928B-F1 F076C69612

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=F7241DEB-9E2D-401A- 9D71-10ACAB4450AF

Microsoft Windows XP Professional x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=594AD01B-F333-4C56-9C12-D1A8B82F2A6E

Mi crosoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=1A4FCFDE-E549-4078-A180-076A23CB 8BB7

Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems:

http://www.microsoft.com/download s/details.aspx?FamilyId=3BA63AF8-3D36-4F3C-BFEE-11B62572AF73

Microsoft Windows Server 2003 x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=994 B14B4-EE98-4B61-BDBE-CA5C20094855

A restart is required.

Vendor URL: www.microsoft.com/technet/security/Bulletin/MS05-049.mspx (Links to External Site)

Cause: Exception handling error, Input validation error

Underlying OS: Windows (2000), Windows (2003), Windows (XP)

Message History: None.

Source Message Contents

Date: Mon, 10 Oct 2005 23:12:21 -0400
Subject: MS05-049

 
 
http://www.microsoft.com/technet/security/Bulletin/MS05-049.mspx

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2007, SecurityGlobal.net LLC