SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows Shell Vendors:   Microsoft
Windows Shell COM Object Instantiation Error Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1024555
SecurityTracker URL:  http://securitytracker.com/id/1024555
CVE Reference:   CVE-2010-1263   (Links to External Site)
Updated:  Dec 15 2010
Original Entry Date:  Oct 12 2010
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): XP SP3, 2003 SP2, Vista SP2, 2008 SP2, 7, 2008 R2; and prior service packs
Description:   A vulnerability was reported in Windows Shell. A remote user can cause arbitrary code to be executed on the target user's system.

Windows Shell and WordPad do not properly validate COM object instantiation. A remote user can create a specially crafted WordPad file or shortcut file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

A shortcut file located on a network or WebDAV share can trigger this flaw.

HD Moore of Rapid7 reported this vulnerability.

Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued the following fixes:

Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=211D95BE-5630-4AF5-85A7-C50268C475A9

Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=4B6F0898-8F77-4CE1-9C96-2B17C496230B

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=13C08EC0-53AE-4B85-B669-8C88F6089259

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=02519F9E-E1C5-48A1-8420-01898C45EC01

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=1064BCCB-3CE6-4A72-8788-56D8021BCA91

Windows Vista Service Pack 1 and Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=80C99D69-4B97-4AF2-8F8E-F3B300A89A5A

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=B73951F2-A7EB-4C7C-BF60-FDCFEE83574F

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=FD507E7A-4516-474B-8F33-7FA8FD2AFA6D

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=B5F53FAF-61E2-4B4E-8B85-C5E8F38E5C30

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=5EFE55B0-D34D-4F00-98B2-CC0E9807A8B9

Windows 7 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=B0D46BC3-24DB-4207-B6FC-46B8CC64F075

Windows 7 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=2DE197C0-6D9E-460E-9509-F337FAC8EE85

Windows Server 2008 R2 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=70622D35-4877-4CBB-BDBF-7648DC1EA8ED

Windows Server 2008 R2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=3CEC2B70-F694-4C0D-BF82-96A4FD50675D

Windows Vista Service Pack 1 and Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=DFF92449-22AD-49A8-8B28-5295A8AF5B8B

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=C9D2261F-BD9A-4495-A2F1-3C3B2208B01E

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=4A8C2358-36EA-4757-ABFC-5BFFCAD0A872

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=612AB78C-1FF1-45D2-96CC-AE831FB0A563

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=D30368CB-C6E8-403E-AAF6-425F96B6211E

Windows 7 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=4A422192-D7FA-47E5-9661-2C65EAEFAF62

Windows 7 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=03665687-8FD4-4AFD-AC33-5F6824F51DF8

Windows Server 2008 R2 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=1C2FF242-65E3-4D47-BFCA-4DB30F809ED8

Windows Server 2008 R2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=F478020B-0305-47D5-BCB2-0758F292DB29

A restart is required.

On December 14, 2010, Microsoft issued an additional update for Windows Vista SP2 (KB979688) and Windows Server 2008 SP2 (KB979688) for users that have installed Windows Search 4.0 on Windows Vista SP1 or Windows Server 2008, then installed the security update offered in KB2405882, and then migrated to Windows Vista SP2 or Windows Server 2008 SP2. Customers in this scenario need to install the new update offered in KB2405882 to be protected.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms10-083.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms10-083.mspx (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC