Unchecked Buffer in Windows Shell Could Enable System Compromise

By Thomas McGuire on July 16, 2003, 3:01 PM
Affected Software:
Microsoft Windows XP

An unchecked buffer exists in 1 of the functions used by the Windows shell to extract custom attribute information from certain folders. A security vulnerability results because it is possible for a malicious user to construct an attack that could exploit this flaw and execute code on the userís system.

An attacker could seek to exploit this vulnerability by creating a Desktop.ini file that contains a corrupt custom attribute, & then host it on a network share. If a user were to browse the shared folder where the file was stored, the vulnerability could then be exploited. A successful attack could have the effect of either causing the Windows shell to fail, or causing an attackerís code to run on the userís computer in the security context of the user.

Patch availability
Download locations for this patch

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.