Description: Three vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
1) A boundary error exists in CSRSS when handling the properties associated a ".lnk" (shortcut) file of a console application. This can be exploited to cause a buffer overflow and allows arbitrary code execution when the user opens a specially-crafted ".lnk" file with an overly long font name property.
2) A boundary error exists in Windows Explorer when handling the properties associated with a ".lnk" file of a console application. This can be exploited to cause a buffer overflow via a specially-crafted ".lnk" file with an overly long font name property.
Successful exploitation allows arbitrary code with the privileges of the user viewing the properties of the ".lnk" file.
3) An error exists in the way Windows Explorer sanitises HTML characters embedded in certain file fields when allowing a file to be previewed in the Web View. This can be exploited in script injection attacks to execute arbitrary script code with privileges of the user viewing the malicious file.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
Provided and/or discovered by: The vendor credits the following:
1-2) Cesar Cerrudo of Argeniss
3) Brett Moore of security-assessment.com
Changelog: 2005-10-12: Added link to US-CERT vulnerability note.
2005-10-20: Added information from Cesar Cerrudo. Updated "Description" and "Original Advisory" sections.
2005-11-21: Added patch information for Windows XP Embedded.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.