Windows Shell User Logon ActiveX Control Create Method Unauthorized User Creation Vulnerability
BID:22710
Info
Windows Shell User Logon ActiveX Control Create Method Unauthorized User Creation Vulnerability
| Bugtraq ID: | 22710 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 24 2007 12:00AM |
| Updated: | Jan 07 2008 01:49PM |
| Credit: | shinnai <[email protected]> is credited with the discovery of this issue. |
| Vulnerable: |
Microsoft Windows Shell User Logon ActiveX control 6.0.2900 .2180 |
| Not Vulnerable: | |
Discussion
Windows Shell User Logon ActiveX Control Create Method Unauthorized User Creation Vulnerability
The Windows Shell User Logon ActiveX control is prone to a vulnerability that allows attackers to create user accounts on victim computers.
Exploiting this issue can aid in further attacks and may result in the compromise of affected computers.
Version 6.0.2900.2180 is vulnerable; other versions may also be affected.
The Windows Shell User Logon ActiveX control is prone to a vulnerability that allows attackers to create user accounts on victim computers.
Exploiting this issue can aid in further attacks and may result in the compromise of affected computers.
Version 6.0.2900.2180 is vulnerable; other versions may also be affected.
Exploit / POC
Windows Shell User Logon ActiveX Control Create Method Unauthorized User Creation Vulnerability
To exploit this issue, an attacker must entice an unsuspecting user to view a maliciously crafted webpage.
To exploit this issue, an attacker must entice an unsuspecting user to view a maliciously crafted webpage.
Solution / Fix
Windows Shell User Logon ActiveX Control Create Method Unauthorized User Creation Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Windows Shell User Logon ActiveX Control Create Method Unauthorized User Creation Vulnerability
References:
References:
- Microsoft Knowledge Base Article 240797 (Microsoft)