Message-ID: <20030703104237.DA56.SNSADV@lac.co.jp>
Date: Thu, 03 Jul 2003 10:44:44 +0900
From: "Secure Net Service(SNS) Security Advisory" <snsadv@....co.jp>
To: bugtraq@...urityfocus.com
Subject: [SNS Advisory No.65] Windows 2000 ShellExecute() API Let Applications to Cause Buffer Overflow


----------------------------------------------------------------------
SNS Advisory No.65
Windows 2000 ShellExecute() API Let Applications to Cause Buffer Overflow

Problem first discovered: Thu, 5 Dec 2002
Published: Thu, 03 Jul 2003
Reference: http://www.lac.co.jp/security/intelligence/SNSAdvisory/65.html
----------------------------------------------------------------------

Overview:
---------
  A buffer overflow vulnerability exists in the Windows 2000 API 
  ShellExecute() function.


Problem Description:
-------------------
  Windows API ShellExecute() is a function to run an application 
  associated with a specified file extension.

  The problem is triggered when a pointer to an unusually long string 
  is passed as the 3rd argument of the Windows 2000 ShellExecute() 
  API function.

  It has been confirmed that several applications, including a web browser, 
  an MUA and a text editor, are vulnerable to this problem.


Tested Version:
---------------
  SHELL32.DLL (Version 5.0.3502.6144)


Solution:
---------
  This problem can be rectified by installing Windows 2000 Service Pack 4.
  http://www.microsoft.com/windows2000/downloads/servicepacks/sp4/default.asp

  Microsoft is considering publishing further information about this 
  problem.


Discovered by:
--------------
  Yuu Arai y.arai@....co.jp
  Hisayuki Shinmachi


Acknowledgements:
-----------------
Thanks to:
  RimArts, Inc. Tomohiro Norimatsu
  Security Response Team of Microsoft Asia Limited


Disclaimer: 
-----------
The information contained in this advisory may be revised without prior 
notice and is provided as is. Users shall act at their own risk when 
taking any action after reading this advisory. LAC Co., Ltd. shall 
take no responsibility for any problems, loss or damage caused by, or by 
the use of, the information provided here.

This advisory can be found at the following URL: 
http://www.lac.co.jp/security/intelligence/SNSAdvisory/65.html

------------------------------------------------------------------
Secure Net Service(SNS) Security Advisory <snsadv@....co.jp>
Computer Security Laboratory, LAC  http://www.lac.co.jp/security/
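
An application-side guard for the condition described under Problem Description, as an added example that is not part of the advisory or of any vendor code: the string is length-checked before it is passed as the 3rd argument of ShellExecute(). The 260-byte limit and the names check_open_arg and guarded_shell_open are assumptions made for illustration; the advisory does not state the length that triggers the overflow.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <shellapi.h>
#endif

/* Assumption: accept at most 260 bytes (the value of MAX_PATH), terminator
   included. The advisory does not state the length that triggers the bug. */
#define OPEN_ARG_MAX 260

enum open_status { OPEN_OK, OPEN_NULL, OPEN_EMPTY, OPEN_TOO_LONG, OPEN_FAILED };

/* Bounded scan: stops after max bytes instead of walking an over-long
   string to its end, and reports why the argument was rejected. */
enum open_status check_open_arg(const char *s, size_t max)
{
    size_t i;
    if (s == NULL) return OPEN_NULL;
    if (s[0] == '\0') return OPEN_EMPTY;
    for (i = 0; i < max; i++)
        if (s[i] == '\0') return OPEN_OK;
    return OPEN_TOO_LONG;
}

/* Hypothetical wrapper: the string reaches the 3rd argument (lpFile) of
   ShellExecute() only after the length check has passed. */
enum open_status guarded_shell_open(const char *file)
{
    enum open_status st = check_open_arg(file, OPEN_ARG_MAX);
    if (st != OPEN_OK) return st;
#ifdef _WIN32
    /* ShellExecute() reports success with a return value greater than 32. */
    if ((INT_PTR)ShellExecuteA(NULL, "open", file, NULL, NULL, SW_SHOWNORMAL) <= 32)
        return OPEN_FAILED;
#endif
    return OPEN_OK; /* on non-Windows builds only the check runs */
}

int main(void)
{
    char big[1024]; /* constructed sample input: 1023 'A' bytes */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("over-long: %d\n", guarded_shell_open(big));
    printf("NULL:      %d\n", guarded_shell_open(NULL));
    return 0;
}
```

A guard of this kind limits what an application hands to the API; the fix named in the advisory is still Windows 2000 Service Pack 4.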



