A remotely exploitable buffer overflow exists in the Microsoft Windows Shell. This buffer overflow is present in all versions of Windows XP, but it is not present in other versions of Windows.
There is a buffer overflow in the Microsoft Windows Shell. The Shell provides the basic human-computer interface for Windows systems. Microsoft describes the Shell as follows:
The Windows Shell is responsible for providing the basic framework of the Windows user interface experience. It is most familiar to users as the Windows Desktop, but also provides a variety of other functions to help define the user's computing session, including organizing files and folders, and providing the means to start applications.
An attacker can either execute arbitrary code (any such code would run with the privileges of the victim) or crash the Windows Shell.
Apply a patch.
This vulnerability was discovered by Foundstone Research Labs.
This document was written by Ian A Finlay.