Description: Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
1) A boundary error in the Windows Shell when starting applications can be exploited to cause a buffer overflow. This can be exploited to execute arbitrary code on a user's system by tricking the user into visiting a malicious web site.
2) A boundary error in the Program Group Converter when handling certain requests can be exploited to cause a buffer overflow. This can be exploited to execute arbitrary code on a user's system by tricking the user into opening a ".grp" file attachment or click a HTML link.
NOTE: Microsoft Windows XP Service Pack 2 is not vulnerable.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.