Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on). 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Patch for .LNK file handling vulnerability (shell32.dll)
Posted by: Vektor
Date: July 24, 2010 10:18AM

Quote

Vulnerability in Windows Shell Could Allow Remote Code Execution

The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed.
Source: http://www.microsoft.com/technet/security/advisory/2286198.mspx
PoC: http://www.ivanlef0u.tuxfamily.org/?p=411

Quote

Affected Software

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
Source: http://www.microsoft.com/technet/security/advisory/2286198.mspx

For those other "unsupported" OS-es I made a patch for shell32.dll that corrects this problem without the need to disable showing icons in Windows.

Link for patch + source code: Patch for 0day .LNK file handling vulnerability

Supported operating systems:

Windows 2000 SP1
Windows 2000 SP4
Windows XP - no service pack
Windows XP SP1
Windows XP SP1a
Windows XP SP2
Windows XP SP3

Options: ReplyQuote


Sorry, only registered users may post in this forum.