SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows Shell Vendors:   Microsoft
Microsoft Windows Shell Bugs in Processing '.lnk' Files and in Web View Preview Mode Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1015040
SecurityTracker URL:  http://securitytracker.com/id/1015040
CVE Reference:   CVE-2005-2117, CVE-2005-2118, CVE-2005-2122   (Links to External Site)
Updated:  Jan 22 2008
Original Entry Date:  Oct 11 2005
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2000 SP4, XP SP2, 2003 SP1; and prior service packs
Description:   A vulnerability was reported in the Microsoft Windows Shell. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a shortcut file ('.lnk' file) with specially crafted properties such that when the file is loaded by the target user or when the properties are viewed by the target user, arbitrary code will be executed with the privileges of the target user.

A remote user can also create a specially crafted file containing certain HTML characters. When the file is previewed by the target user with the Web View feature in Windows Explorer, arbitrary code will be executed with the privileges of the target user.

The vendor credits Cesar Cerrudo of Argeniss and Brett Moore of security-assessment.com with reporting this vulnerability.

Impact:   A remote user can cause arbitrary code to be executed on the target user's system with the privileges of the target user.
Solution:   The vendor has issued the following fixes:

Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=1F063C4A-B0BF-49C6-928B-F1F076C69612

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=F7241DEB-9E2D-401A-9D71-10ACAB4450AF

Microsoft Windows XP Professional x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=594AD01B-F333-4C56-9C12-D1A8B82F2A6E

Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=1A4FCFDE-E549-4078-A180-076A23CB8BB7

Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?FamilyId=3BA63AF8-3D36-4F3C-BFEE-11B62572AF73

Microsoft Windows Server 2003 x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=994B14B4-EE98-4B61-BDBE-CA5C20094855

A restart is required.

Vendor URL:  www.microsoft.com/technet/security/Bulletin/MS05-049.mspx (Links to External Site)
Cause:   Exception handling error, Input validation error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC