A remotely exploitable buffer overflow vulnerability exists in the Microsoft Windows Shell.
The Microsoft Windows Shell provides the basic human-computer interface for Windows systems. Microsoft describes the Shell as follows:
The Windows Shell is responsible for providing the basic framework of the Windows user interface experience. It is most familiar to users as the Windows Desktop, but also provides a variety of other functions to help define the user's computing session, including organizing files and folders, and providing the means to start applications.
A buffer overflow exists in the process the Windows Shell uses to launch applications. If an attacker can persuade a user to visit a specially crafted web page, the attacker may be able to execute arbitrary code with the privileges of the current user. For more detailed information and for a list of vulnerable software, see Microsoft Security Bulletin MS04-037.
Please also note that this advisory replaces MS04-024 for Microsoft Windows NT 4.0, 2000, XP, and Server 2003.
If a remote attacker can persuade a user to visit a specially crafted web page, the attacker may be able to execute arbitrary code on that user's system, possibly with elevated privileges.
Microsoft has published Microsoft Security Bulletin MS04-037 to address this vulnerability. Microsoft credits Yorick Koster of ITsec Security Services for providing information regarding this vulnerability.
This document was written by Jeff Gennari.
Date First Published: 2004-11-23
Date Last Updated: 2004-11-23 20:10 UTC