|
Microsoft Products Fail to Restrict "shell:" Access
|
|
|
|
|
Secunia Advisory:
|
SA12042
|
|
|
Release Date:
|
2004-07-12
|
|
|
Critical:
|

Moderately critical
|
|
Impact:
|
Security Bypass
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| Software: | Microsoft MSN Messenger 6.x Microsoft Word 2002
|
|
|
This advisory is currently marked as unpatched! - Companies can be alerted when a patch is released! |
|
|
Description: Jesse Ruderman has reported a vulnerability in MSN Messenger and Microsoft Word, allowing access to the Windows "shell:" functionality.
The problem is that the programs fail to restrict access to the "shell:" URI handler. This allows malicious people to invoke various programs associated with specific extensions. It is not possible to pass parameters to these programs, only filenames, thus limiting the impact of launching applications.
The Windows "shell:" URI handler is inherently insecure and should only be accessed from a few trusted sources - it may even pose a threat through Word documents. Multiple exploits in Internet Explorer also utilise "shell:" functionality.
This is related to a similar issue in Mozilla:
SA12027
Solution: Do not follow links in MSN Messenger.
Do not follow links from Word documents originating from untrusted sources.
Provided and/or discovered by: Jesse Ruderman
Other References: SA12027:
http://secunia.com/advisories/12027/
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
28 Related Secunia Security Advisories, displaying 10
|
|
|
1. Microsoft Word Smart Tag Invalid Length Processing Vulnerability
|
|
2. Microsoft Word Two Code Execution Vulnerabilities
|
|
3. Microsoft Word File Information Block Memory Corruption
|
|
4. Microsoft Word Unspecified Memory Corruption Vulnerability
|
|
5. MSN Messenger Video Conversation Buffer Overflow Vulnerability
|
|
6. Microsoft RichEdit OLE Dialog Memory Corruption Vulnerability
|
|
7. Microsoft Word Three Code Execution Vulnerabilities
|
|
8. Microsoft Office Two Code Execution Vulnerabilities
|
|
9. Microsoft Word Multiple Memory Corruption Vulnerabilities
|
|
10. Microsoft Word Malformed Data Structures Vulnerability
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|