Reported March 08, 2002, by
Microsoft.
VERSIONS AFFECTED
Windows
2000, Windows NT 4.0, Windows NT 4.0 Server Terminal Edition, Windows 98
Second Edition (Win98SE), and Windows 98
DESCRIPTION
VENDOR RESPONSE
The
vendor, Microsoft, has released Security
Bulletin MS02-014
to address this vulnerability, and recommends that affected users immediately
apply the appropriate patch as listed in Security Bulletin MS03-014.
CREDIT
A vulnerability exists in Windows Shell that lets an attacker arbitrarily
execute code under the authorized user’s security context.
An unchecked buffer exists in one of the functions that helps locate
incompletely removed applications on the system. As a result, an attacker can
mount a buffer-overrun attack and either cause the Windows Shell to crash or can
execute code under the user's security context.
Discovered by eEye
Digital Security.
Unchecked Buffer in Microsoft Windows Shell
0 comments
Hide comments