Relative Shell Path Vulnerability
A security vulnerability exists in Microsoft® Windows NT® 4.0 and Windows® 2000 which could enable a malicious user to cause code of his choice to run when another user subsequently logged onto the same machine.
The registry entry that specifies the Windows Shell executable (Explorer.exe) provides a relative, rather than absolute, path name. Because of the circumstances in place at system startup time, the normal search order would cause any file named Explorer.exe in the %Systemdrive%\ directory to be loaded in place of the bona fide version. This could provide an opportunity for a malicious user to cause code of his choice to run when another user subsequently logged onto the same machine.
Under normal conditions, the malicious user could only exploit this vulnerability on machines that he could interactively log onto. As a result, workstations and terminal servers would be the machines primarily at risk.
- Windows NT/2000
Software patches are available from the following locations:
- Microsoft Windows NT 4.0 Workstation, Server, Enterprise Server:
- Microsoft Windows NT 4.0 Terminal Server:
- Microsoft Windows 2000: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=23359
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: July 28, 2000
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
|More Guides »||Registry Guide||Support Forums||Software Guide||Scripting Guide||Search|