also @ TechSpot: Exploit allows command prompt to launch at Windows 7 login screen

TechSpot
Register now for a live online demo to see how the Office 365 suite of tools
- professional email, calendars, video conferencing, and file sharing -

Unchecked Buffer in Windows Shell Could Enable System Compromise

Discussion in 'General Discussion' started by TS | Thomas, Jul 16, 2003.

Thread Status:
Not open for further replies.

  1. TS | Thomas Newcomer, in training

    Unchecked Buffer in Windows Shell Enables System Compromise

    Affected Software:
    Microsoft Windows XP

    An unchecked buffer exists in 1 of the functions used by the Windows shell to extract custom attribute information from certain folders. A security vulnerability results because it is possible for a malicious user to construct an attack that could exploit this flaw and execute code on the user’s system.

    An attacker could seek to exploit this vulnerability by creating a Desktop.ini file that contains a corrupt custom attribute, & then host it on a network share. If a user were to browse the shared folder where the file was stored, the vulnerability could then be exploited. A successful attack could have the effect of either causing the Windows shell to fail, or causing an attacker’s code to run on the user’s computer in the security context of the user.

    Patch availability
    Download locations for this patch
    TS | Thomas, Jul 16, 2003
    #1
Thread Status:
Not open for further replies.