Description: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
The problem is caused due to a design error, as certain files including Word documents contain the CLSID of the program used for opening the file. This can be exploited to execute arbitrary script code contained in non-executable files by substituting the CLSID with the "MSHTA.EXE" program.
Successful exploitation requires that a user double-clicks the malicious file that contains an unhandled extension (e.g. ".d0c).
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
The following versions of Microsoft Windows are not affected:
* Microsoft Windows Server 2003 Service Pack 1
* Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
* Microsoft Windows XP Professional x64 Edition
Provided and/or discovered by: Discovered by anonymous person and reported via iDEFENSE.
Changelog: 2005-04-13: Added link to US-CERT vulnerability note and information provided by iDEFENSE.
2005-11-21: Added patch information for Windows XP Embedded.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
