Accessibility Options |  Sitemap |  Contact Us
   
 
 
 
HOME space ABOUTCERTIn space KNOWLEDGEBASE space TRAINING space ADVISORIES space VULNOTES space space Facebook space x space insta space youtube space Linkedin
WLine
DigitalIndia
WLine
csk
WLine
Full Member FIRST
Line
Operational Member TFCSIRT
Line
Accredited Member APCERT
Line
Global Research Partner APWG
Line
Associate Partner Charter
Line
CNA
WLine
 Directions by CERT-In under  Section 70B, Information  Technology Act 2000
WLine
 Guidelines on Information  Security Practices for  Government Entities
WLine
 Technical Guidelines on NEW  SOFTWARE BILL OF MATERIALS  (SBOM)
WLine
 Cyber Security GuidelinesNEW  for Smart City Infrastructure
About CERT-in
Line
point point Client's /Citizen's Charter
Line
point point Roles & Functions
Line
point point Advisory Committee
Line
point point Act/Rules/Regulations
Line
point point Internal Complaint Committee         (ICC) 
Line
point point RFC2350 
line
point point Press  
Line
point point Tender 
Line
point point Subscribe Mailing List
Line
point point Contact Us
Line
Line
Reporting
point
 Incident Reporting
point
Line
point
 Vulnerability Reporting
point
Line
point
 Feedback
point
Line
KnowledgeBase
Line
point Point Guidelines
Line
point Point Presentations
Line
point Point White Papers 
Line
point Point Annual Report 
Line
Line
Line
line
Line
line
line
Advisories
Line
VulnerabilityNotes
Line
RelatedLinks
Line
point Point World CERTs
Line
point point Antivirus Resources
line
point point FAQ
line
line
Line
Line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
spacer
Home - Vulnerability NotesPrint
point
CERT-In Vulnerability Note CIVN-2004-0027
Vulnerability in Windows Shell Could Allow Remote Code Execution

Original Issue Date:July 14, 2004

Severity Rating: HIGH

Systems Affected

  • Windows NT Workstation 4.0 SP6a
  • Windows NT Server 4.0 SP6a
  • Windows NT Server 4.0, Terminal Server Edition SP6
  • Windows 2000 SP2
  • Windows 2000 SP3
  • Windows 2000 SP4
  • Windows XP
  • Windows XP SP1
  • Windows Server 2003
  • Internet Explorer all versions

Overview

A vulnerability exists in the way that the Windows Shell launches applications which enables an attacker to spoof the file extension thereby persuading the user to run malicious program.

Impact

An attacker who successfully exploits this vulnerability will gain privileges of the user. However, significant user interaction is required to exploit this vulnerability.

Description

Windows Shell APIs are the programming interfaces that support extensions of the systems operational environment.

They support the association of a class identifier CLSID with a file type. CLSID is a universally unique identifier UUID that identifies a COM component. Each COM component has its CLSID in the Windows Registry so that it can be loaded by other applications. An attacker could use a CLSID instead of the valid extension for a file type that could help persuade a user to run a malicious program or persuade the user to visit a malicious website. Specifically Internet Explorer can be tricked into opening a file, with a different application than indicated by the file extension. This can be done by embedding a CLSID in the file name. If a user is logged on with administrative privileges, an attacker who successfully exploits this vulnerability could take complete control of an affected system. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.

Solution

Apply patch

Apply appropriate patches as mentioned Microsoft Security Bulletin

MS04-024

Vendor Information

Microsoft Corporation :
Microsoft Security Bulletin
MS04-024

References

Microsoft Security Bulletin MS04-024

http://www.microsoft.com/technet/security/bulletin/MS04-024.mspx

Security Focus

http://www.securityfocus.com/bid/9510/info/

Secunia Advisory SA 10736

http://secunia.com/advisories/10736/

Internet Security Systems

http://xforce.iss.net/xforce/xfdb/14964

CVE Name
CAN-2004-0420

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Email: info@cert-in.org.in
Phone: +91-11-2436857

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India

 
Indian Computer Emergency Response Team - CERT-In, Ministry of Electronics and Information Technology, Government of India.
Website Policies |  Terms of Use |  Help Last Updated On May 02, 2025