Security Home > Windows NT, 2000 & XP

Unchecked Buffer in Windows Shell New

An unchecked buffer exists in one of the functions used by the Windows XP shell which could allow a malicious user to construct an attack that could exploit this flaw and execute code on the system.

Issue

The Windows shell is responsible for providing the basic framework of the Windows user interface experience. It is most familiar to users as the Windows desktop. It also provides a variety of other functions to help define the user's computing session, including organizing files and folders, and providing the means to start programs.

An unchecked buffer exists in one of the functions used by the Windows shell to extract custom attribute information from certain folders. A security vulnerability results because it is possible for a malicious user to construct an attack that could exploit this flaw and execute code on the user’s system.

An attacker could seek to exploit this vulnerability by creating a Desktop.ini file that contains a corrupt custom attribute, and then host it on a network share. If a user were to browse the shared folder where the file was stored, the vulnerability could then be exploited. A successful attack could have the effect of either causing the Windows shell to fail, or causing an attacker’s code to run on the user’s computer in the security context of the user.

Affected Products

  • Microsoft Windows XP

Download

Software patches are available from the following locations:

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: July 17, 2003

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<