
Relative Shell Path Vulnerability

A security vulnerability exists in Microsoft® Windows NT® 4.0 and Windows® 2000 which could enable a malicious user to cause code of his choice to run when another user subsequently logged onto the same machine.

Issue

The registry entry that specifies the Windows Shell executable (Explorer.exe) provides a relative, rather than absolute, path name. Because of the circumstances in place at system startup time, the normal search order would cause any file named Explorer.exe in the %Systemdrive%\ directory to be loaded in place of the bona fide version. This could provide an opportunity for a malicious user to cause code of his choice to run when another user subsequently logged onto the same machine.

Under normal conditions, the malicious user could only exploit this vulnerability on machines that he could interactively log onto. As a result, workstations and terminal servers would be the machines primarily at risk.
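The check below is an added example, not code from Microsoft or from this page. It audits a shell value for the condition described above: a path that is not fully qualified, and a same-named file in the root of the system drive. The caller supplies the configured shell string, a listing of the %Systemdrive%\ root and the environment map; the function names and sample data are constructed for illustration.

```python
import ntpath
import re

def shell_executable(value):
    """Program part of a shell registry value, with any arguments dropped."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split(None, 1)[0] if value else ""

def expand(path, env):
    """Expand %VAR% references from a caller-supplied, case-insensitive map."""
    lowered = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lowered.get(m.group(1).lower(), m.group(0)), path)

def audit_shell(value, root_listing, env):
    """Return findings for one shell value and one system-drive root listing."""
    exe = expand(shell_executable(value), env)
    drive, tail = ntpath.splitdrive(exe)
    if drive and tail.startswith(("\\", "/")):
        return []  # fully qualified: no search-order lookup is needed
    findings = ["relative-shell-path"]
    if not drive and ntpath.basename(exe) == exe:
        name = exe.lower()
        # Assumption: a bare name without an extension resolves as name.exe.
        wanted = {name} if ntpath.splitext(name)[1] else {name, name + ".exe"}
        if wanted & {entry.lower() for entry in root_listing}:
            findings.append("shadow-file-in-system-drive-root")
    return findings

# Constructed sample data, not taken from a real machine.
ENV = {"SystemRoot": r"C:\WINNT"}
ROOT_WITH_SHADOW = ["AUTOEXEC.BAT", "boot.ini", "explorer.EXE", "WINNT"]
ROOT_CLEAN = ["AUTOEXEC.BAT", "boot.ini", "WINNT"]

if __name__ == "__main__":
    for value, listing in [("Explorer.exe", ROOT_WITH_SHADOW),
                           ("Explorer.exe", ROOT_CLEAN),
                           (r"%SystemRoot%\explorer.exe", ROOT_WITH_SHADOW)]:
        print(repr(value), audit_shell(value, listing, ENV))
```

An unquoted value is split at the first whitespace, so a shell path containing spaces must be quoted for the check to read it correctly.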

Affected Products

  • Windows NT/2000

Solution

Software patches are available from the following locations:

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: July 28, 2000
