MS06-057: Vulnerability in Windows Shell Could Allow Remote Code Execution (926043)

Published: 2006-10-10
Last Updated: 2006-10-11 14:19:06 UTC
by Joel Esler (Version: 1)
0 comment(s)
https://www.microsoft.com/technet/security/bulletin/ms06-057.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4690
http://isc.sans.org/diary.php?storyid=1749

Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 and WS 2003 Service Pack 1 (Mitigated)
- Microsoft Windows Server 2003 and WS 2003 w/ SP1 for Itanium-based Systems (Mitigated)
- Microsoft Windows Server 2003 x64 Edition (Mitigated)
 
Impact:  Remote Code Execution
Severity:  Critical

(This replaces 06-045 for XP SP 1)

Description:  This is a remote code execution for Internet Explorer, that is caused by improper validation of the WebViewFolderIcon ActiveX object.  

Why do you have "Mitigated" in Yellow up above?

By default, Internet Explorer on Windows Server 2003 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability.

Workarounds

To set the kill bits for CLSIDs with values of {e5df9d10-3b52-11d1-83e8-00a0c90dc849} and {844F4806-E8A8-11d2-9652-00C04FC30871}, paste the following text in a text editor such as Notepad. Then, save the file by using the .reg file name extension.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{e5df9d10-3b52-11d1-83e8-00a0c90dc849}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{844F4806-E8A8-11d2-9652-00C04FC30871}]
"Compatibility Flags"=dword:00000400

You can apply this .reg file to individual systems by double-clicking it. You can also apply it across domains by using Group Policy.
Keywords:
0 comment(s)

Comments


Diary Archives