Microsoft Windows Shell and Web View Three Vulnerabilities - Secunia Advisories - Vulnerability Intelligence

Microsoft Windows Shell and Web View Three Vulnerabilities
Secunia Advisory:	SA17168	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2005-10-11
Last Update:	2005-11-21
Popularity:	13,624 views

Critical:	Moderately critical
Impact:	System access
Where:	From remote
Solution Status:	Vendor Patch

OS:	Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Professional Microsoft Windows 2000 Server Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Web Edition Microsoft Windows XP Embedded Microsoft Windows XP Home Edition Microsoft Windows XP Professional

Subscribe:	Instant alerts on relevant vulnerabilities

CVE reference:	CVE-2005-2117 CVE-2005-2118 CVE-2005-2122

Description: Three vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. 1) A boundary error exists in CSRSS when handling the properties associated a ".lnk" (shortcut) file of a console application. This can be exploited to cause a buffer overflow and allows arbitrary code execution when the user opens a specially-crafted ".lnk" file with an overly long font name property. 2) A boundary error exists in Windows Explorer when handling the properties associated with a ".lnk" file of a console application. This can be exploited to cause a buffer overflow via a specially-crafted ".lnk" file with an overly long font name property. Successful exploitation allows arbitrary code with the privileges of the user viewing the properties of the ".lnk" file. 3) An error exists in the way Windows Explorer sanitises HTML characters embedded in certain file fields when allowing a file to be previewed in the Web View. This can be exploited in script injection attacks to execute arbitrary script code with privileges of the user viewing the malicious file. Solution: Apply patches. Microsoft Windows 2000 (requires Service Pack 4): http://www.microsoft.com/downloads/de...=1F063C4A-B0BF-49C6-928B-F1F076C69612 Microsoft Windows XP (requires Service Pack 1 or Service Pack 2): http://www.microsoft.com/downloads/de...=F7241DEB-9E2D-401A-9D71-10ACAB4450AF Microsoft Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/de...=594AD01B-F333-4C56-9C12-D1A8B82F2A6E Microsoft Windows XP Embedded (with SP2): http://www.microsoft.com/downloads/de...=e7b6d199-7607-44a8-96fd-5a2386427bd9 Microsoft Windows XP Embedded (with SP1): http://www.microsoft.com/downloads/de...=47633799-2103-4fc2-b63d-a9581a2d2f2d Microsoft Windows Server 2003 (with or without Service Pack 1): http://www.microsoft.com/downloads/de...=1A4FCFDE-E549-4078-A180-076A23CB8BB7 Microsoft Windows Server 2003 (Itanium) (with or without SP 1): http://www.microsoft.com/downloads/de...=3BA63AF8-3D36-4F3C-BFEE-11B62572AF73 Microsoft Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/de...=994B14B4-EE98-4B61-BDBE-CA5C20094855 Provided and/or discovered by: The vendor credits the following: 1-2) Cesar Cerrudo of Argeniss 3) Brett Moore of security-assessment.com Changelog: 2005-10-12: Added link to US-CERT vulnerability note. 2005-10-20: Added information from Cesar Cerrudo. Updated "Description" and "Original Advisory" sections. 2005-11-21: Added patch information for Windows XP Embedded. Original Advisory: MS05-049 (KB900725): http://www.microsoft.com/technet/security/Bulletin/MS05-049.mspx Argeniss: http://www.argeniss.com/research/MSBugPaper.pdf Other References: US-CERT VU#922708 http://www.kb.cert.org/vuls/id/922708

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

10th Oct, 2008

New advisories:	15
New vulnerabilities:	83
Updated advisories:	41

Moderately // 210 views

ScriptsEz Easy Image Downloader "id" File Disclosure Vulnerability

Moderately // 218 views

Built2go Real Estate Listings "event_id" SQL Injection

Highly // 359 views

Sun Java System Web Proxy Server FTP Subsystem Buffer Overflow

Moderately // 250 views

Red Hat update for cups

Highly // 258 views

DFF PHP Framework API "DFF_config[dir_incl ude]" File Inclusion Vulnerabilities

Not // 280 views

FUJITSU Interstage Products Apache Tomcat Security Bypass

Moderately // 481 views

Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Moderately // 265 views

Fedora update for condor

Moderately // 535 views

CUPS Multiple Vulnerabilities

Not // 305 views

Gentoo Portage Insecure Python Module Search Path Security Issue

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.