Vulnerability IntelligenceVulnerability ScanningBlogCorporate InformationOnline ShopCustomer Login  
 Secunia AdvisoriesSecunia ResearchBinary Analysis  
Home > Vulnerability Intelligence > Secunia Advisories > Microsoft Windows Shell and Program Group Converter Vulnerabilities
Secunia Advisories
Advisories
Search
Advisories by Product
Advisories by Vendor
Historic Advisories
Mailing Lists
Report Vulnerability
Contact Form
Business Solutions Restricted
Partner Solutions Restricted
About
 
Microsoft Windows Shell and Program Group Converter Vulnerabilities
Secunia Advisory: SA12808
Advisory Toolbox:
Issue ticket
Save in to-do list
Mark as handled
Exploit information
Download as PDF
Review actions
Add comment
Release Date: 2004-10-13
Popularity: 15,390 views

Critical:
Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

OS:Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millenium
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Server, Terminal Server Edition
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
Subscribe: Instant alerts on relevant vulnerabilities

CVE reference:CVE-2004-0214
CVE-2004-0572
Description:
Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

1) A boundary error in the Windows Shell when starting applications can be exploited to cause a buffer overflow. This can be exploited to execute arbitrary code on a user's system by tricking the user into visiting a malicious web site.

2) A boundary error in the Program Group Converter when handling certain requests can be exploited to cause a buffer overflow. This can be exploited to execute arbitrary code on a user's system by tricking the user into opening a ".grp" file attachment or click a HTML link.

NOTE: Microsoft Windows XP Service Pack 2 is not vulnerable.

Solution:
Apply patches.

Microsoft Windows NT Server 4.0 (requires SP6a):
http://www.microsoft.com/downloads/de...=F8046E83-E151-4AAF-80CB-AD4F31C02EAC

Microsoft Windows NT Server 4.0 Terminal Server Edition (requires SP6)
http://www.microsoft.com/downloads/de...=2DCC6C99-509D-41A5-A3C7-CAC017D633E1

Microsoft Windows 2000 (requires SP3 or SP4):
http://www.microsoft.com/downloads/de...=846E7479-133B-45D7-AA69-D9257F1BE178

Microsoft Windows XP (prior to SP2):
http://www.microsoft.com/downloads/de...=FB93CB07-3A7E-444C-B083-324FC9049B94

Microsoft Windows XP 64-Bit Edition (requires SP1):
http://www.microsoft.com/downloads/de...=FF84BCBE-D1E5-4402-8CE4-F8D9966C79D0

Microsoft Windows XP 64-Bit Edition Version 2003:
http://www.microsoft.com/downloads/de...=AB91C7FF-2547-455E-9A6D-82B09373495F

Microsoft Windows Server 2003:
http://www.microsoft.com/downloads/de...CA12-0045-42B7-9F2A-6D433DEDC105&

Microsoft Windows Server 2003 64-Bit Edition:
http://www.microsoft.com/downloads/de...=AB91C7FF-2547-455E-9A6D-82B09373495F

Provided and/or discovered by:
Yorick Koster and Roozbeh Afrasiabi

Original Advisory:
MS04-037 (KB841356):
http://www.microsoft.com/technet/security/bulletin/MS04-037.mspx

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

5th Sep, 2008
New advisories: 14
New vulnerabilities: 18
Updated advisories: 22

Less // 275 views
Netgear WN802T Wireless Access Point Two Vulnerabilities
Less // 221 views
Fedora update for xastir
Less // 282 views
XASTIR Insecure Temporary Files
Less // 228 views
Fedora update for samba
Less // 237 views
Fedora update for bitlbee
Less // 629 views
3Com Wireless 8760 Access Point HTTP Request Processing Denial of Service
Moderately // 514 views
CS-Cart "cs_cookies" SQL Injection Vulnerability
Less // 599 views
Drupal Content Construction Kit Script Insertion Vulnerabilities
Less // 593 views
HP OpenView Select Identity Connectors Information Disclosure
Moderately // 476 views
rPath update for libtiff

Solutions | More...  

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. Subdreamer Light Global Variables SQL Injection Vulnerability // 30 views
2. PluggedOut Blog "index.php" SQL Injection Vulnerabilities // 21 views
3. Apple QuickTime Multiple Vulnerabilities // 20 views
4. Microsoft Office Two Code Execution Vulnerabilities // 18 views
5. Microsoft Word Malformed Object Pointer Vulnerability // 18 views
6. SAPID CMS "root_path" File Inclusion Vulnerability // 17 views
7. 3Com Wireless 8760 Access Point HTTP Request Processing Denial of Service // 15 views
8. Drupal Content Construction Kit Script Insertion Vulnerabilities // 15 views
9. Sun Java System Web Proxy Server SOCKS Module Buffer Overflows // 14 views
10. phpBB Multiple Vulnerabilities // 14 views



Contact | Terms & Conditions | Report Vulnerability | Press | Jobs | About Secunia
Copyright Secunia 2002-2008