
Exploit:Win/MSIE.WindowsShell.RCE!CAN-2004-0420

Severity rating
Important

Class/Type
Exploit

Discovered date
2004-08-10T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
No

Signature detection
Medium







Description

A remote code execution vulnerability exists in the way that the Windows Shell launches applications. An attacker could exploit the vulnerability if a user visited a malicious Web site. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system. However, user interaction is required to exploit this vulnerability.



Impact

An attacker who successfully exploited this vulnerability could gain the same privileges as the user. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.



Technical details (analysis)

Windows Shell APIs are the programming interfaces that support extensions of the system’s operational environment. The Windows Shell application programming interface (API) supports the ability to associate a class identifier (CLSID) with a file type. An attacker could use a CLSID instead of the valid extension for a file type, which could help persuade a user to run a malicious program. This is a remote code execution vulnerability. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. However, user interaction is required to exploit this vulnerability. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
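A defender-side check for the naming pattern described above, as an added example that is not part of the original advisory or of the NIS signature: it flags file names whose final extension is a registry-format CLSID and reports the extension a user would take the file to have. The `name.{CLSID}` layout, the function names and the sample CLSID are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Registry-format CLSID: {8-4-4-4-12 hex digits} (assumed string form).
CLSID_RE = re.compile(
    r"^\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}$"
)

def split_clsid_extension(filename):
    """Return (stem, CLSID) if the final extension is a CLSID, else None."""
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    name = PureWindowsPath(filename).name.rstrip(" .")
    stem, dot, ext = name.rpartition(".")
    if dot and stem and CLSID_RE.match(ext):
        return stem, ext.upper()
    return None

def review(filenames):
    """List findings for names that carry a CLSID where an extension belongs."""
    findings = []
    for raw in filenames:
        hit = split_clsid_extension(raw)
        if hit is None:
            continue
        stem, clsid = hit
        # What the remaining name looks like to the user, e.g. ".pdf".
        apparent = PureWindowsPath(stem).suffix.lower() or None
        findings.append({"name": raw, "clsid": clsid, "apparent_ext": apparent})
    return findings

# Constructed sample input: the CLSID below is a placeholder, not a real class.
SAMPLE_NAMES = [
    r"C:\Users\a\Downloads\invoice.pdf.{01234567-89ab-cdef-0123-456789abcdef}",
    r"C:\Users\a\Downloads\holiday.{01234567-89AB-CDEF-0123-456789ABCDEF} ",
    r"C:\Users\a\Downloads\notes.txt",
    r"C:\Users\a\Downloads\{01234567-89AB-CDEF-0123-456789ABCDEF}",
]

if __name__ == "__main__":
    for finding in review(SAMPLE_NAMES):
        print(finding)
```
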



Affected software

Microsoft Windows NT® Workstation 4.0 Service Pack 6a.
Microsoft Windows NT Server 4.0 Service Pack 6a.
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6.
Microsoft Windows NT® Workstation 4.0 Service Pack 6a and NT Server 4.0 Service Pack 6a with Active Desktop.
Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, Microsoft Windows 2000 Service Pack 4.
Microsoft Windows XP and Microsoft Windows XP Service Pack 1.
Microsoft Windows XP 64-Bit Edition Version 2003.
Microsoft Windows Server™ 2003.
Microsoft Windows Server 2003 64-Bit Edition.



Non-affected software

All software that is not in the affected list.



References




Solutions




NIS signature

Name: Exploit:Win/MSIE.WindowsShell.RCE!CAN-2004-0420
Release Date: 2004-08-10T00:00:00



Known false positives

No known false positives at this time.



Work-arounds

None