Follow:

Vulnerability:Win/Explorer.WinShell.RCE!CAN-2004-0214

Severity rating
Important

Class/Type
Vulnerability

Discovered date
2004-10-12T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium



On this page




Description

A remote code execution vulnerability exists in the way that the Windows Shell starts applications. An attacker could exploit the vulnerability if a user visited a malicious Web site.



Impact

If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system. However, user interaction is required to exploit this vulnerability.



Technical details (analysis)

The Microsoft Windows user interface (UI) provides users with access to a wide variety of objects that are necessary for running applications and managing the operating system. The most numerous and familiar of these objects are the folders and files that reside on computer disk drives. There are also a number of virtual objects that allow the user to do tasks such as sending files to remote printers or accessing the Recycle Bin. The Shell organizes these objects into a hierarchical namespace and provides users and applications with a consistent and efficient way to access and manage objects. SAMBA server share of a particular length can overrun a buffer on a SAMBA client in the windows shell code.



Affected software

Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition



Non-affected software

Microsoft Windows XP Service Pack 2



References




Solutions




NIS signature

Name: Vulnerability:Win/Explorer.WinShell.RCE!CAN-2004-0214
Release Date: 2004-10-12T00:00:00



Known false positives

No known false positives at this time.



Work-arounds

Install the Outlook E-mail Security Update if you are using Outlook 2000 SP1 or earlier to help protect yourself from the HTML e-mail attack vector.
Read e-mail messages in plain text format if you are using Outlook 2002 or later, or Outlook Express 6 SP1 or later, to help protect yourself from the HTML e-mail attack vector.