OSVDB ID: 5687

Title: Microsoft Windows IE and Explorer Share Name Overflow

Info

Dates

Disclosure: Apr 25, 2004
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

A local overflow exists in Microsoft Windows Explorer and Internet Explorer. The vulnerable products fail to properly check file share name lengths, resulting in a buffer overflow. By tricking an authenticated local user on the system into browsing or mapping a file server containing a specially crafted file share name, an attacker can cause Windows Explorer or Internet Explorer to crash and possibly execute arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability.

Classification

Location: Local Access Required
Attack Type: Input Manipulation, Other
Impact: Loss of Confidentiality, Loss of Integrity, Loss of Availability
Exploit: Exploit Unknown

Solution

Currently, there are no known upgrades or patches to correct this issue. Although Microsoft has claimed the problem was fixed in XP SP 1 and 2000 SP 4, this has been disproved through testing. It is possible to correct the flaw by implementing the following workaround(s): disable the "Client for Microsoft Networks" on all network interfaces, which will stop all file share access. Additionally, filter SMB traffic on network edges.

Products

Microsoft Corporation

Internet Explorer

5.0.1
5.5
6

Windows

2000 Advanced Server
2000 Datacenter Server
2000 Professional
2000 Server
95
98
98 SE
Millennium
XP Home Edition
XP Professional

References

Credit

  • Rodrigo Gutierrez - rodrigointellicomp.cl - Trustix AS


Direct URL: http://osvdb.org/5687