
SANS ISC: MS05-049 Windows Shell Vulnerability SANS ISC InfoSec Forums

MS05-049 Windows Shell Vulnerability
MS05-049: Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)

Impact: Remote Code Execution
Rating: Important
Supersedes: MS05-016 and MS05-024

This bulletin has three parts.

Shell Vulnerability - CAN-2005-2122: A vulnerability exists in the way that Windows handles the .lnk file extension. A .lnk file is a shortcut that points to another file and can contain properties that are passed on to the file it points to. An attacker taking advantage of this would be able to execute code on the victim's system by getting the victim to open the .lnk file.

Shell Vulnerability - CAN-2005-2118: Same information as above. The main difference appears to be that instead of opening the .lnk file, the victim only needs to view the properties of the .lnk file.

Web View Script Injection Vulnerability - CAN-2005-2117: This vulnerability deals with the Web View format used by Microsoft Explorer to view files and their information. A vulnerability exists in the way that Microsoft handles the validation of HTML characters within certain fields on the files. An attacker taking advantage of this would be able to take complete control of the victim's system if the victim views the malicious file with the Web View format turned on in Explorer.
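
An added example, not part of the original post or of Microsoft's bulletin: a small Python reader for the shortcut properties mentioned in the two .lnk items above, which checks every length field against the file size before using it. The field layout is taken from Microsoft's published Shell Link format ([MS-SHLLINK]); `parse_lnk`, `sample_lnk` and `LnkError` are hypothetical names, and the sample bytes are constructed.

```python
import struct

# Field layout follows Microsoft's published Shell Link format ([MS-SHLLINK]).
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ID_LIST, HAS_LINK_INFO, HAS_ARGUMENTS, IS_UNICODE = 0x01, 0x02, 0x20, 0x80
# StringData entries appear in this order, each only when its flag bit is set.
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (HAS_ARGUMENTS, "arguments"), (0x40, "icon_location")]

class LnkError(ValueError):
    """Raised when the header is wrong or a length field overruns the file."""

def _take(data, off, n):
    # Every read goes through this bounds check; no length is trusted.
    if off + n > len(data):
        raise LnkError(f"{n}-byte field at offset {off} overruns the file")
    return data[off:off + n]

def parse_lnk(data):
    """Return the shortcut's string properties (hypothetical triage helper)."""
    size, clsid, flags = struct.unpack("<I16sI", _take(data, 0, HEADER_SIZE)[:24])
    if size != HEADER_SIZE or clsid != LINK_CLSID:
        raise LnkError("not a shell link header")
    off = HEADER_SIZE
    if flags & HAS_ID_LIST:                      # IDListSize (2 bytes) + IDList
        (n,) = struct.unpack("<H", _take(data, off, 2))
        _take(data, off + 2, n)
        off += 2 + n
    if flags & HAS_LINK_INFO:                    # LinkInfoSize counts itself
        (n,) = struct.unpack("<I", _take(data, off, 4))
        if n < 4:
            raise LnkError("LinkInfoSize smaller than its own field")
        _take(data, off, n)
        off += n
    width = 2 if flags & IS_UNICODE else 1
    props = {}
    for bit, name in STRING_FIELDS:
        if flags & bit:                          # CountCharacters (2) + string
            (count,) = struct.unpack("<H", _take(data, off, 2))
            raw = _take(data, off + 2, count * width)
            props[name] = raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
            off += 2 + count * width
    return props

def sample_lnk(arguments, claimed_count=None):
    """Constructed sample: bare header plus one arguments string, not a real shortcut."""
    header = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, HAS_ARGUMENTS | IS_UNICODE)
    count = len(arguments) if claimed_count is None else claimed_count
    return header.ljust(HEADER_SIZE, b"\0") + struct.pack("<H", count) + arguments.encode("utf-16-le")
```

A shortcut whose declared lengths do not fit the file is rejected with `LnkError` instead of being read past its end.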

http://www.microsoft.com/technet/security/Bulletin/MS05-049.mspx
Joshua

Oct 11th 2005
