NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Secunia Advisories> 2004-q4

[SA12808] Microsoft Windows Shell and Program Group Converter Vulnerabilities

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Tue Oct 12 2004 - 17:20:37 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
Microsoft Windows Shell and Program Group Converter Vulnerabilities

SECUNIA ADVISORY ID:
SA12808

VERIFY ADVISORY:
http://secunia.com/advisories/12808/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/product/1177/
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows 2000 Server
http://secunia.com/product/20/
Microsoft Windows 98
http://secunia.com/product/12/
Microsoft Windows 98 Second Edition
http://secunia.com/product/13/
Microsoft Windows Millenium
http://secunia.com/product/14/
Microsoft Windows NT 4.0 Server
http://secunia.com/product/18/
Microsoft Windows NT 4.0 Server, Terminal Server Edition
http://secunia.com/product/19/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows XP Professional
http://secunia.com/product/22/

DESCRIPTION:
Two vulnerabilities have been reported in Microsoft Windows, which
can be exploited by malicious people to compromise a user's system.

1) A boundary error in the Windows Shell when starting applications
can be exploited to cause a buffer overflow. This can be exploited to
execute arbitrary code on a user's system by tricking the user into
visiting a malicious web site.

2) A boundary error in the Program Group Converter when handling
certain requests can be exploited to cause a buffer overflow. This
can be exploited to execute arbitrary code on a user's system by
tricking the user into opening a ".grp" file attachment or click a
HTML link.

NOTE: Microsoft Windows XP Service Pack 2 is not vulnerable.

SOLUTION:
Apply patches.

Microsoft Windows NT Server 4.0 (requires SP6a):
http://www.microsoft.com/downloads/details.aspx?FamilyId=F8046E83-E151-4AAF-80CB-AD4F31C02EAC

Microsoft Windows NT Server 4.0 Terminal Server Edition (requires
SP6)
http://www.microsoft.com/downloads/details.aspx?FamilyId=2DCC6C99-509D-41A5-A3C7-CAC017D633E1

Microsoft Windows 2000 (requires SP3 or SP4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=846E7479-133B-45D7-AA69-D9257F1BE178

Microsoft Windows XP (prior to SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=FB93CB07-3A7E-444C-B083-324FC9049B94

Microsoft Windows XP 64-Bit Edition (requires SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=FF84BCBE-D1E5-4402-8CE4-F8D9966C79D0

Microsoft Windows XP 64-Bit Edition Version 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AB91C7FF-2547-455E-9A6D-82B09373495F

Microsoft Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5C60CA12-0045-42B7-9F2A-6D433DEDC105&

Microsoft Windows Server 2003 64-Bit Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AB91C7FF-2547-455E-9A6D-82B09373495F

PROVIDED AND/OR DISCOVERED BY:
Yorick Koster and Roozbeh Afrasiabi

ORIGINAL ADVISORY:
MS04-037 (KB841356):
http://www.microsoft.com/technet/security/bulletin/MS04-037.mspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]