Your Ad Here Your Ad Here
Results 1 to 7 of 7

Thread: Securitytracker Alert Id: 1008843

  1. #1
    Windows XP Explorer Executes Arbitrary Code in Folders
    SecurityTracker Alert ID: 1008843
    CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
    Date: Jan 25 2004

    Impact: Execution of arbitrary code via network, User access via network

    Exploit Included: Yes

    Version(s): Windows XP Explorer

    Description: A vulnerability was reported in Microsoft Windows XP in Windows Explorer. A remote user can create a folder that, when viewed by the target user, will execute arbitrary code on the target user's system.

    http-equiv reported that a remote user can create a specially crafted 'folder' that includes HTML scripting code and a Windows executable ('.exe' file) containing arbitary code. When a target user attempts to view the contents of the 'folder' (which may be considered an ostensibly safe task by many users), the arbitrary code will be automatically executed on the target user's computer by Windows Explorer. The code will run with the privileges of the target user.

    If the 'folder' is an HTML-based file, Windows Explorer (on XP) will execute the file when viewed, extracted, or opened. The scripting code can reference the executable contained in the 'folder', causing the executable to run.

    A demonstration exploit is available at:

    http://www.malware.com/my.pics.zip

    Impact: A remote user can cause arbitrary code to be executed on the target user's system.

    Solution: No solution was available at the time of this entry.

    Vendor URL: www.microsoft.com/technet/security/ (Links to External Site)

    Cause: State error

    Underlying OS: Windows (XP)

    Reported By: "http-equiv@excite.com"

    Message History: None.

    SOURCE

  2. Software & Hardware   -   #2
    fkdup74's Avatar Pneuberator.
    Join Date
    Sep 2003
    Posts
    3,616
    wonder how long it's gonna take billy gates to patch this one
    nothing on the windows update yet
    I am just a worthless liar. I am just an imbecile.
    I will only complicate you. Trust in me and fall as well.
    I will find a center in you. I will chew it up and leave.
    I will work to elevate you just enough to bring you down.

  3. Software & Hardware   -   #3
    Thanks for the info SH, Good reading there.

  4. Software & Hardware   -   #4
    h1
    Guest
    Why am I not surprised?

  5. Software & Hardware   -   #5

  6. Software & Hardware   -   #6
    fkdup74's Avatar Pneuberator.
    Join Date
    Sep 2003
    Posts
    3,616
    Originally posted by TheKiler@26 January 2004 - 14:00
    The exploit was patched 3 years ago....

    http://www.microsoft.com/technet/treeview/...in/MS00-046.asp
    the patch you're looking at is for these...


    Affected Software:

    Microsoft Outlook Express 4.x
    Microsoft Outlook Express 5.x
    Microsoft Outlook 98
    Microsoft Outlook 2000
    I am just a worthless liar. I am just an imbecile.
    I will only complicate you. Trust in me and fall as well.
    I will find a center in you. I will chew it up and leave.
    I will work to elevate you just enough to bring you down.

  7. Software & Hardware   -   #7
    Poster
    Join Date
    Sep 2003
    Location
    Leeds - Yorkshire - UK
    Posts
    1,364
    Why am I not surprised?
    Yeah XP again.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •