SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows Explorer Vendors:   Microsoft
(Vendor Issues Fix) Windows XP Explorer Executes Arbitrary Code in Folders
SecurityTracker Alert ID:  1009775
SecurityTracker URL:  http://securitytracker.com/id/1009775
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 14 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Windows XP Explorer
Description:   A vulnerability was reported in Microsoft Windows XP in Windows Explorer. A remote user can create a folder that, when viewed by the target user, will execute arbitrary code on the target user's system.

http-equiv reported that a remote user can create a specially crafted 'folder' that includes HTML scripting code and a Windows executable ('.exe' file) containing arbitary code. When a target user attempts to view the contents of the 'folder' (which may be considered an ostensibly safe task by many users), the arbitrary code will be automatically executed on the target user's computer by Windows Explorer. The code will run with the privileges of the target user.

If the 'folder' is an HTML-based file, Windows Explorer (on XP) will execute the file when viewed, extracted, or opened. The scripting code can reference the executable contained in the 'folder', causing the executable to run.

A demonstration exploit is available at:

http://www.malware.com/my.pics.zip

Impact:   A remote user can cause arbitrary code to be executed on the target user's system.
Solution:   Microsoft has issued an update (MS04-011) and reports that this update causes files that end with the file name extension .folder to no longer be associated with a directory.

Patches are available for the following operating systems [please note that even though we have listed all the patches provided in MS04-011, not all operating systems are affected equally by all vulnerabilities]:

Microsoft Windows NT Workstation 4.0 Service Pack 6a:

http://www.microsoft.com/downloads/details.aspx?FamilyId=7F1713FC-F95C-43E5-B825-3CF72C1A0A3E&displaylang=en

Microsoft Windows NT Server 4.0 Service Pack 6a:

http://www.microsoft.com/downloads/details.aspx?FamilyId=67A6F461-D2FC-4AA0-957E-3B8DC44F9D79&displaylang=en

Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6:

http://www.microsoft.com/downloads/details.aspx?FamilyId=62CBA527-A827-4777-8641-28092D3AAE4F&displaylang=en

Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, and Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en

Microsoft Windows XP and Microsoft Windows XP Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en

Microsoft Windows XP 64-Bit Edition Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=C6B55EF2-D9FE-4DBE-AB7D-73A20C82FF73&displaylang=en

Microsoft Windows XP 64-Bit Edition Version 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=C207D372-E883-44A6-A107-6CD2D29FC6F5&displaylang=en

Microsoft Windows Server 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=EAB176D0-01CF-453E-AE7E-7495864E8D8C&displaylang=en

Microsoft Windows Server 2003 64-Bit Edition:

http://downloads/details.aspx?FamilyId=C207D372-E883-44A6-A107-6CD2D29FC6F5&displaylang=en

Microsoft NetMeeting: (no URL was provided)

A restart is required after installating any of these patches.

For Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME), the vendor indicates that you should read the "FAQ section" of the security bulletin for details about these operating systems.

Microsoft reports that the security update for Windows NT Server 4.0 Terminal Server Edition Service Pack 6 requires that you first have installed the Windows NT Server 4.0 Terminal Server Edition Security Rollup Package (SRP).

Although the MS04-011 bulletin addresses many vulnerabilities, it is not a cumulative security update, the vendor said.

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms04-011.mspx (Links to External Site)
Cause:   State error

Message History:   This archive entry is a follow-up to the message listed below.
Jan 25 2004 Windows XP Explorer Executes Arbitrary Code in Folders



 Source Message Contents

Subject:  '.folder' vulnerability


MS04-011

Microsoft reports that this update causes files that end with the file name extension 

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC