Vulnerability Note VU#591890
Buffer overflow in Microsoft Windows Shell
A remotely exploitable buffer overflow exists in the Microsoft Windows Shell. This buffer overflow is present in all versions of Windows XP, but it is not present in other versions of Windows.
There is a buffer overflow in the Microsoft Windows Shell. The Shell provides the basic human-computer interface for Windows systems. Microsoft describes the Shell as follows:
The Windows Shell is responsible for providing the basic framework of the Windows user interface experience. It is most familiar to users as the Windows Desktop, but also provides a variety of other functions to help define the user's computing session, including organizing files and folders, and providing the means to start applications.
An attacker can either execute arbitrary code (any such code would run with the privileges of the victim) or crash the Windows Shell.
Apply a patch.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||19 Dec 2002|
CVSS Metrics (Learn More)
This vulnerability was discovered by Foundstone Research Labs.
This document was written by Ian A Finlay.
- CVE IDs: CAN-2002-1327
- CERT Advisory: CA-2002-37
- Date Public: 18 Dec 2002
- Date First Published: 19 Dec 2002
- Date Last Updated: 19 Dec 2002
- Severity Metric: 67.50
- Document Revision: 22
If you have feedback, comments, or additional information about this vulnerability, please send us email.