SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   OS (Microsoft)  >   Windows Explorer Vendors:   Microsoft
(Vendor Issues Fix) Windows XP Explorer Executes Arbitrary Code in Folders
SecurityTracker Alert ID:  1009775
SecurityTracker URL:  http://securitytracker.com/id/1009775
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 14 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Windows XP Explorer
Description:   A vulnerability was reported in Microsoft Windows XP in Windows Explorer. A remote user can create a folder that, when viewed by the target user, will execute arbitrary code on the target user's system.

http-equiv reported that a remote user can create a specially crafted 'folder' that includes HTML scripting code and a Windows executable ('.exe' file) containing arbitary code. When a target user attempts to view the contents of the 'folder' (which may be considered an ostensibly safe task by many users), the arbitrary code will be automatically executed on the target user's computer by Windows Explorer. The code will run with the privileges of the target user.

If the 'folder' is an HTML-based file, Windows Explorer (on XP) will execute the file when viewed, extracted, or opened. The scripting code can reference the executable contained in the 'folder', causing the executable to run.

A demonstration exploit is available at:

http://www.malware.com/my.pics.zip
Impact:   A remote user can cause arbitrary code to be executed on the target user's system.
Solution:   Microsoft has issued an update (MS04-011) and reports that this update causes files that end with the file name extension .folder to no longer be associated with a directory.

Patches are available for the following operating systems [please note that even though we have listed all the patches provided in MS04-011, not all operating systems are affected equally by all vulnerabilities]:

Microsoft Windows NT Workstation 4.0 Service Pack 6a:

http://www.microsoft.com/downloads/details.aspx?FamilyId=7F1713FC-F95C-43E5-B825-3CF72C1A0A3E&displaylang=en

Microsoft Windows NT Server 4.0 Service Pack 6a:

http://www.microsoft.com/downloads/details.aspx?FamilyId=67A6F461-D2FC-4AA0-957E-3B8DC44F9D79&displaylang=en

Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6:

http://www.microsoft.com/downloads/details.aspx?FamilyId=62CBA527-A827-4777-8641-28092D3AAE4F&displaylang=en

Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, and Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en

Microsoft Windows XP and Microsoft Windows XP Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en

Microsoft Windows XP 64-Bit Edition Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=C6B55EF2-D9FE-4DBE-AB7D-73A20C82FF73&displaylang=en

Microsoft Windows XP 64-Bit Edition Version 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=C207D372-E883-44A6-A107-6CD2D29FC6F5&displaylang=en

Microsoft Windows Server 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=EAB176D0-01CF-453E-AE7E-7495864E8D8C&displaylang=en

Microsoft Windows Server 2003 64-Bit Edition:

http://downloads/details.aspx?FamilyId=C207D372-E883-44A6-A107-6CD2D29FC6F5&displaylang=en

Microsoft NetMeeting: (no URL was provided)

A restart is required after installating any of these patches.

For Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME), the vendor indicates that you should read the "FAQ section" of the security bulletin for details about these operating systems.

Microsoft reports that the security update for Windows NT Server 4.0 Terminal Server Edition Service Pack 6 requires that you first have installed the Windows NT Server 4.0 Terminal Server Edition Security Rollup Package (SRP).

Although the MS04-011 bulletin addresses many vulnerabilities, it is not a cumulative security update, the vendor said.
Vendor URL:  www.microsoft.com/technet/security/bulletin/ms04-011.mspx (Links to External Site)
Cause:   State error
Underlying OS:  

Message History:   This archive entry is a follow-up to the message listed below.
Jan 25 2004 Windows XP Explorer Executes Arbitrary Code in Folders


 Source Message Contents
Date:  Tue, 13 Apr 2004 17:42:09 -0400
Subject:  '.folder' vulnerability


MS04-011

Microsoft reports that this update causes files that end with the file name extension 
“.folder” to no longer be associated with a directory.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC