| VID |
26032 |
| Severity |
40 |
| Port |
139 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (Q329390) for the "Unchecked Buffer in Windows XP Shell" problem is not applied.
The Windows Shell is responsible for providing the basic framework of the Windows user interface experience. It is most familiar to users as the Windows Desktop, but also provides a variety of other functions to help define the user's computing session, including organizing files and folders, and providing the means to start applications.
An unchecked buffer exists in one of the functions used by the Windows Shell to extract custom attribute information from audio files. A security vulnerability results because it is possible for a malicious user to mount a buffer overrun attack and attempt to exploit this flaw.
An attacker could seek to exploit this vulnerability by creating an .MP3 or .WMA audio file that contained a corrupt custom attribute and then host it on a website, on a network share, or send it via an HTML email. If a user were to hover his or her mouse pointer over the icon for the file (either on a web page or on the local disk), or open the shared folder where the file was stored, the vulnerable code would be invoked. An HTML email could cause the vulnerable code to be invoked when a user opened or previewed the email. A successful attack could have the effect of either causing the Windows Shell to fail, or causing an attacker's code to run on the user's computer in the security context of the user.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/bulletin/ms02-072.asp
http://www.securiteam.com/windowsntfocus/6U00D2K6AC.html
* Platforms Affected:
Windows XP Home Edition
Windows XP Professional
Windows XP Tablet PC Edition
Windows XP Media Center Edition |
| Recommendation |
Apply the appropriate patch for your system. This patch can be installed on systems running Windows XP Gold and Service Pack 1.
Download locations:
o 32 bit edition:
http://microsoft.com/downloads/details.aspx?FamilyId=A0BE7AF2-2653-4767-A85D-24BF68D28D20&displaylang=en
o 64 bit edition:
http://microsoft.com/downloads/details.aspx?FamilyId=FBA972FB-FF2A-41D0-8745-D31EEFB90437&displaylang=en |
| Related URL |
CVE-2002-1327 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
