Microsoft Windows XP explorer.exe Remote Denial of Service Vulnerability
BID:9892
Info
Microsoft Windows XP explorer.exe Remote Denial of Service Vulnerability
| Bugtraq ID: | 9892 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 16 2004 12:00AM |
| Updated: | Mar 16 2004 12:00AM |
| Credit: | The disclosure of this issue has been credited to Peter Ferrie <[email protected]>. |
| Vulnerable: |
Microsoft Windows XP Professional SP1 Microsoft Windows XP Professional Microsoft Windows XP Media Center Edition Microsoft Windows XP Home SP1 Microsoft Windows XP Home |
| Not Vulnerable: | |
Discussion
Microsoft Windows XP explorer.exe Remote Denial of Service Vulnerability
It has been reported that Windows Explorer for Windows XP may be prone to a denial of service vulnerability that may allow a remote attacker to cause the system to hang by sending a malicious directory containing 'wmf' files to a vulnerable user via e-mail or other means. Windows Explorer automatically attempts to parse 'wmf' files in the directory, however, an exceptional condition occurs if the directory contains records of zero length.
Although unconfirmed, all versions of Windows XP are considered to be affected by this vulnerability.
It has been reported that Windows Explorer for Windows XP may be prone to a denial of service vulnerability that may allow a remote attacker to cause the system to hang by sending a malicious directory containing 'wmf' files to a vulnerable user via e-mail or other means. Windows Explorer automatically attempts to parse 'wmf' files in the directory, however, an exceptional condition occurs if the directory contains records of zero length.
Although unconfirmed, all versions of Windows XP are considered to be affected by this vulnerability.
Exploit / POC
Microsoft Windows XP explorer.exe Remote Denial of Service Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
Microsoft Windows XP explorer.exe Remote Denial of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Microsoft Windows XP explorer.exe Remote Denial of Service Vulnerability
References:
References:
- Technet Security (Microsoft)