Microsoft Windows ShellExecute() URI Handler Bug Lets Remote Users Execute Arbitrary Commands
|
|
SecurityTracker Alert ID: 1018831
|
|
SecurityTracker URL: http://securitytracker.com/id?1018831
|
|
CVE Reference: CVE-2007-3896
(Links to External Site)
|
Updated: Nov 13 2007
|
Original Entry Date: Oct 18 2007
|
Impact: Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
|
Advisory: Microsoft Security Bulletin
|
Version(s): XP SP2 and prior, 2003 SP2 and prior
|
Description: A vulnerability was reported in Microsoft Windows when running Internet Explorer 7. A remote user can cause arbitrary commands to be executed on the target user's system.
A remote user can create a specially crafted URI that, when loaded by the target user via another application, will execute arbitrary
commands on the target system. The code will run with the privileges of the target user.
The vulnerability resides in the Windows
ShellExecute() function.
Windows XP and Windows Server 2003 are affected when running Internet Explorer 7.
Windows Vista is
not affected.
This vulnerability is being actively exploited.
Billy (BK) Rios , Jesper Johansson, Carsten H. Eiram of Secunia,
Aviv Raff of Finjan, and Petko Petkov of gnucitizen reported this vulnerability.
[Editor's note: This vulnerability has been
previously reported as affecting various software applications, including Mozilla Firefox and Adobe Reader. URIs embedded within
applications can be used as an attack vector.]
|
Impact: A remote user can create a URI that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution: The vendor has issued the following fixes:
Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8ba1c2f9-1bde-4e97-b327-21259c5e5104
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4ef7fdd7-8887-4c
64-a70c-c6ae734d7c5f
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=e5d8a866-2c
1f-4035-8325-c1be61a75c3b
Windows Server 2003 x64 Edition and Windows 2003 Server x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?Family
Id=bf26da08-15b8-4d65-ba12-4cc74c7a1326
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2
for Itanium based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1c055f11-3273-4a4c-a33f-bf61ac9ec4c5
A
restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms07-061.mspx
The
original Microsoft advisory is available at:
http://www.microsoft.com/technet/security/advisory/943521.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms07-061.mspx (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Windows (2003), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 17 Oct 2007 22:46:45 -0400
Subject: Microsoft Internet Explorer (IE)
|
http://www.microsoft.com/technet/security/advisory/943521.mspx
CVE-2007-3896
|
|
