[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030703104237.DA56.SNSADV@lac.co.jp>
Date: Thu, 03 Jul 2003 10:44:44 +0900
From: "Secure Net Service(SNS) Security Advisory" <snsadv@....co.jp>
To: bugtraq@...urityfocus.com
Subject: [SNS Advisory No.65] Windows 2000 ShellExecute() API Let Applications to Cause Buffer Overflow
----------------------------------------------------------------------
SNS Advisory No.65
Windows 2000 ShellExecute() API Let Applications to Cause Buffer Overflow
Problem first discovered: Thu, 5 Dec 2002
Published: Thu, 03 Jul 2003
Reference: http://www.lac.co.jp/security/intelligence/SNSAdvisory/65.html
----------------------------------------------------------------------
Overview:
---------
A buffer overflow vulnerability exists in the Windows 2000 API
ShellExecute() function.
Problem Description:
-------------------
Windows API ShellExecute() is a function to run an application
associated with a specified file extension.
The problem is triggered when the pointer to an unusually long string
is set to the 3rd argument of the Windows 2000 API Shell Execute()
API function.
It has been confirmed that several applications containing web browser,
MUA and text editor are vulnerable to this problem.
Tested Version:
---------------
SHELL32.DLL (Version 5.0.3502.6144)
Solution:
---------
This problem can be rectified by installing Windows 2000 Service Pack 4.
http://www.microsoft.com/windows2000/downloads/servicepacks/sp4/default.asp
Microsoft is considering public presentation of the further information
about this problem.
Discovered by:
--------------
Yuu Arai y.arai@....co.jp
Hisayuki Shinmachi
Acknowledgements:
-----------------
Thanks to:
RimArts, Inc. Tomohiro Norimatsu
Security Response Team of Microsoft Asia Limited
Disclaimer:
-----------
The information contained in this advisory may be revised without prior
notice and is provided as it is. Users shall take their own risk when
taking any actions following reading this advisory. LAC Co., Ltd. shall
take no responsibility for any problems, loss or damage caused by, or by
the use of information provided here.
This advisory can be found at the following URL:
http://www.lac.co.jp/security/intelligence/SNSAdvisory/65.html
------------------------------------------------------------------
Secure Net Service(SNS) Security Advisory <snsadv@....co.jp>
Computer Security Laboratory, LAC http://www.lac.co.jp/security/
Powered by blists - more mailing lists