(MS06-015) Microsoft Windows Explorer Remote COM Activation desktop.ini Vulnerability
- Type: Misconfiguration
- Impact of exploitation: Remote Code Execution
- User Interaction: User interaction is needed
- Attack Vector: Website or e-mail with malicious content
- Rating: High
- CVE reference: CAN-2004-2289
- Vendor Status: Responded and patched
- Vulnerable systems: Windows 2000 Generic, Windows 2000 SP4, Windows XP Generic, Windows XP SP1, Windows XP SP2, Windows 2003 Generic, Windows 2003 SP0 - SP1
- Summary: Microsoft Windows Explorer contains a vulnerability that may be exploitable remotely through a malicious desktop.ini file.
Description
Microsoft Windows is an industry standard operating system. Windows includes support for a graphical user interface. The Windows Explorer application is a graphical shell included with Windows that is used to access the file system and other features. A code execution vulnerability is present in Windows Explorer. An attacker could craft a malicious Desktop.ini that, when processed by Windows Explorer, could result in arbitrary code execution. This issue is a variant of the publicly disclosed issue identified by CVE-2004-2289.

Affected software:
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 Service Pack 0
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Service Pack 1
- Microsoft Windows 2000 Service Pack 4

For more information see: http://www.microsoft.com/technet/security/bulletin/MS06-015.mspx
McAfee Product Mitigation & Recommendations
Recommendations
Install the patch from Microsoft (KB908531): http://www.microsoft.com/technet/security/bulletin/MS06-015.mspx
McAfee Product Mitigation
McAfee Intrushield
- Signature: SMB: Remote COM Activation by desktop.ini Vulnerability
- Signature identifier: 0x40708700
- Release date: 4/11/2006
- First released in: sigsets 1.8.72, 1.9.55, 2.1.38, 3.1.11
McAfee Host IPS
- Signature: Remote COM Activation by desktop.ini Vulnerability
- Signature identifier: 3750
- Release date: 4/11/2006
- First released in: security content update 402
McAfee Foundstone
- Signature: (MS06-015) Microsoft Windows Explorer Remote COM Activation desktop.ini Vulnerability
- Signature identifier: 4361
- Release date: 4/11/2006
- First released in: Protected by Foundstone
Additional Resources
Microsoft Security Bulletin: Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)
http://www.microsoft.com/technet/security/bulletin/ms06-015.mspx
Desktop.ini flaw results in executing folders
http://archives.neohapsis.com/archives/bugtraq/2004-05/0168.html
Timeline
- 4/11/2006: Vendor has provided a patch.
- 5/27/2004: Vulnerability information has been publicly disclosed.