Microsoft Windows XP Explorer.EXE Remote Denial of Service Vulnerability
BID:9924
Info
| Bugtraq ID: | 9924 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 19 2004 12:00AM |
| Updated: | Mar 19 2004 12:00AM |
| Credit: | This issue has been disclosed by "Rafel Ivgi, The-Insider" <[email protected]>. |
| Vulnerable: | Microsoft Windows XP Professional SP1; Microsoft Windows XP Professional; Microsoft Windows XP Media Center Edition; Microsoft Windows XP Home SP1; Microsoft Windows XP Home |
| Not Vulnerable: | |
Discussion
Microsoft Windows Explorer for Windows XP has been reported to be prone to a remote denial of service vulnerability.
This issue is due to the application's failure to properly validate user-supplied input passed via the 'shell:' command. The 'shell:' command is a parameter that a user can specify when including a URI in an HTML tag. It potentially allows the HTML document to execute any program specified after 'shell:'.
Successful exploitation of this issue would cause the affected application to crash, denying service to legitimate users.
Exploit / POC
No exploit is required to leverage this issue. The following proof of concept has been provided:
The issue may be triggered when a user follows an HTML link formatted like so:
<a href=shell:windows\\system32\\calc.exe>link</a>
This issue may be triggered when a user views an HTML document containing the following tag:
<iframe src=shell:windows\\system32\\calc.exe></iframe>
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
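With no vendor patch listed, HTML that carries a 'shell:' URI in a link or frame attribute can be flagged before it is rendered, for example at a mail or web content filter. The following Python scanner is an added example, not part of the original advisory or any vendor tooling; the attribute list, function names and sample HTML are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Attributes a browser resolves as URIs (assumed, non-exhaustive list).
URI_ATTRS = {"href", "src", "action", "background", "data", "longdesc"}
BLOCKED_SCHEMES = {"shell"}
_SCHEME = re.compile(r"([a-z][a-z0-9+.\-]*):", re.I)
_LEADING = "".join(map(chr, range(0x21)))  # C0 control characters and space

# Constructed sample: the two tags from the advisory plus normalization cases.
SAMPLE = r"""<p>constructed test page</p>
<a href=shell:windows\\system32\\calc.exe>link</a>
<iframe src=shell:windows\\system32\\calc.exe></iframe>
<a href="&#115;HELL:windows\\system32\\calc.exe">entity-encoded, mixed case</a>
<a href="https://example.com/?q=shell:foo">benign: only in query string</a>
<a href="shellfish.html">benign: relative path</a>
"""

def uri_scheme(value):
    """Return the lower-cased URI scheme of an attribute value, or None."""
    # Browsers drop tab/CR/LF inside a URL and ignore leading whitespace,
    # so normalize the same way before matching the scheme.
    cleaned = re.sub(r"[\t\r\n]", "", value).lstrip(_LEADING)
    match = _SCHEME.match(cleaned)
    return match.group(1).lower() if match else None

class ShellUriFinder(HTMLParser):
    """Collect (line, tag, attribute, value) for blocked-scheme URIs."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line, _ = self.getpos()
        for name, value in attrs:  # values arrive entity-decoded
            if value and name in URI_ATTRS and uri_scheme(value) in BLOCKED_SCHEMES:
                self.findings.append((line, tag, name, value))

def find_shell_uris(html):
    finder = ShellUriFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for line, tag, name, value in find_shell_uris(SAMPLE):
        print(f"line {line}: <{tag} {name}={value!r}>")
```

A filter built on this would strip or neutralize the flagged attribute rather than only report it; that policy choice is left to the deployment.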
References
References:
- Technet Security (Microsoft)
- Internet Explorer Causing Explorer.exe - Null Pointer Crash ("Rafel Ivgi, The-Insider")