[sec-adv] Windows 2000 ShellExecute API Buffer Overflow Vulnerability

From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Thu Jul 03 2003 - 08:57:39 CDT


TITLE:
Windows 2000 ShellExecute API Buffer Overflow Vulnerability

READ ONLINE:
http://www.secunia.com/advisories/9175/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Server
Microsoft Windows 2000 Professional

DESCRIPTION:
A vulnerability has been reported in Windows 2000, which can be
exploited by malicious people to crash applications and potentially
compromise a vulnerable system.

The vulnerability is caused by a boundary error in the API
"ShellExecute" in "shell32.dll", which is used to execute programs
associated with a given file type. This can be exploited by supplying
a pointer referencing an overly long string (about 4000 bytes) to
the "lpszFile" parameter, which will cause a buffer overflow. Any
program using this API is potentially affected.
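
Added example (not part of the Secunia advisory or of any vendor code): a
caller-side guard that vets an untrusted string before it is passed as
"lpszFile", as defense in depth alongside the Service Pack 4 fix. The names
check_open_target, guarded_open and OPEN_TARGET_MAX are hypothetical, the
260-byte cap (MAX_PATH) is an assumption, and the 4000-byte input is
constructed.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <shellapi.h>
#endif

/* Assumed cap: MAX_PATH (260 bytes including the NUL), far below ~4000. */
#define OPEN_TARGET_MAX 260

enum open_status { OPEN_OK, OPEN_NULL, OPEN_EMPTY, OPEN_TOO_LONG,
                   OPEN_BAD_CHAR, OPEN_API_FAILED };

/* Hypothetical helper: vet an untrusted string before it becomes lpszFile. */
enum open_status check_open_target(const char *s)
{
    const char *nul, *p;
    if (s == NULL)
        return OPEN_NULL;
    /* Bounded scan: stops at the NUL or after OPEN_TARGET_MAX bytes. */
    nul = memchr(s, '\0', OPEN_TARGET_MAX);
    if (nul == NULL)
        return OPEN_TOO_LONG;
    if (nul == s)
        return OPEN_EMPTY;
    for (p = s; p < nul; p++)          /* reject control characters */
        if ((unsigned char)*p < 0x20)
            return OPEN_BAD_CHAR;
    return OPEN_OK;
}

/* Hypothetical wrapper: the API is reached only with a vetted string. */
enum open_status guarded_open(const char *s)
{
    enum open_status st = check_open_target(s);
    if (st != OPEN_OK)
        return st;
#ifdef _WIN32
    if ((INT_PTR)ShellExecuteA(NULL, "open", s, NULL, NULL, SW_SHOWNORMAL) <= 32)
        return OPEN_API_FAILED;        /* values <= 32 indicate failure */
#endif
    return OPEN_OK;                    /* non-Windows builds only validate */
}

int main(void)
{
    char big[4001];                    /* constructed over-long input */
    memset(big, 'A', 4000);
    big[4000] = '\0';
    printf("long=%d short=%d\n", check_open_target(big),
           check_open_target("notes.txt"));
    return 0;
}
```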

Reportedly, browsers, email programs, and text editors have been
identified as vulnerable.

The vulnerability has been reported in "shell32.dll" version
5.0.3502.6144. However, other versions may also be affected.

SOLUTION:
Reportedly, the vulnerability has been fixed in Windows 2000 Service
Pack 4:
http://www.microsoft.com/windows2000/downloads/servicepacks/sp4/default.asp

REPORTED BY / CREDITS:
Yuu Arai and Hisayuki Shinmachi (SecureNet Service).

ORIGINAL ADVISORY:
http://www.lac.co.jp/security/english/snsadv_e/65_e.html

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------