Spyware Doctor
Spyware Doctor with AntiVirus
PC Tools AntiVirus
PC Tools Internet Security
PC Tools Firewall Plus
ThreatFire
Spam Monitor
iAntiVirus for Mac OS X
Registry Mechanic
Desktop Maestro
File Recover
Privacy Guardian
PC Tools Disk Suite
Spyware Doctor Enterprise
Help me choose
Unchecked Buffer in Windows Shell New
An unchecked buffer exists in one of the functions used by the Windows Shell to extract custom attribute information from audio files. This could allow a malicious user to mount a buffer overrun attack and possibly run the code of their choice on the system.
Issue
The Windows Shell is responsible for providing the basic framework of the Windows user interface experience. It is most familiar to users as the Windows Desktop, but also provides a variety of other functions to help define the user's computing session, including organizing files and folders, and providing the means to start applications.
An attacker could seek to exploit this vulnerability by creating an .MP3 or .WMA file that contained a corrupt custom attribute and then host it on a website, on a network share, or send it via an HTML email. If a user were to hover his or her mouse pointer over the icon for the file (either on a web page or on the local disk), or open the shared folder where the file was stored, the vulnerable code would be invoked. An HTML email could cause the vulnerable code to be invoked when a user opened or previewed the email. A successful attack could have the effect of either causing the Windows Shell to fail, or causing an attacker’s code to run on the user’s computer in the security context of the user.
Affected Products
- Microsoft Windows XP
Download
Software patches are available from the following locations:
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: December 18, 2002
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
