SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows DLL (Any) Vendors:   Microsoft
Microsoft Windows ShellExecute() URI Handler Bug Lets Remote Users Execute Arbitrary Commands
SecurityTracker Alert ID:  1018831
SecurityTracker URL:  http://securitytracker.com/id/1018831
CVE Reference:   CVE-2007-3896   (Links to External Site)
Updated:  Nov 13 2007
Original Entry Date:  Oct 18 2007
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): XP SP2 and prior, 2003 SP2 and prior
Description:   A vulnerability was reported in Microsoft Windows when running Internet Explorer 7. A remote user can cause arbitrary commands to be executed on the target user's system.

A remote user can create a specially crafted URI that, when loaded by the target user via another application, will execute arbitrary commands on the target system. The code will run with the privileges of the target user.

The vulnerability resides in the Windows ShellExecute() function.

Windows XP and Windows Server 2003 are affected when running Internet Explorer 7.

Windows Vista is not affected.

This vulnerability is being actively exploited.

Billy (BK) Rios , Jesper Johansson, Carsten H. Eiram of Secunia, Aviv Raff of Finjan, and Petko Petkov of gnucitizen reported this vulnerability.

[Editor's note: This vulnerability has been previously reported as affecting various software applications, including Mozilla Firefox and Adobe Reader. URIs embedded within applications can be used as an attack vector.]

Impact:   A remote user can create a URI that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued the following fixes:

Windows XP Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=8ba1c2f9-1bde-4e97-b327-21259c5e5104

Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=4ef7fdd7-8887-4c64-a70c-c6ae734d7c5f

Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=e5d8a866-2c1f-4035-8325-c1be61a75c3b

Windows Server 2003 x64 Edition and Windows 2003 Server x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=bf26da08-15b8-4d65-ba12-4cc74c7a1326

Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based Systems:

http://www.microsoft.com/downloads/details.aspx?FamilyId=1c055f11-3273-4a4c-a33f-bf61ac9ec4c5

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms07-061.mspx

The original Microsoft advisory is available at:

http://www.microsoft.com/technet/security/advisory/943521.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms07-061.mspx (Links to External Site)
Cause:   Input validation error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC