Overview
A remotely exploitable buffer overflow vulnerability exists in the Microsoft Windows Shell.
Description
The Microsoft Windows Shell provides the basic human-computer interface for Windows systems. Microsoft describes the Shell as follows: The Windows Shell is responsible for providing the basic framework of the Windows user interface experience. It is most familiar to users as the Windows Desktop, but also provides a variety of other functions to help define the user's computing session, including organizing files and folders, and providing the means to start applications. A buffer overflow exists in the process the Windows Shell uses to launch applications. If an attacker can persuade a user to visit a specially crafted web page the attacker may be able to execute arbitrary code with the privileges of the current user. For more detailed information and for a list of vulnerable software, see Microsoft Security Bulletin MS04-037. Please also note that this advisory replaces MS04-024 for Microsoft Windows NT 4.0, 2000, XP, and Server 2003. |
Impact
If a remote attacker can persuade a user to visit a specially crafted web page, the attacker may be able to execute arbitrary code on that user's system, possibly with elevated privileges. |
Solution
Apply Patch
|
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Microsoft has published Microsoft Security Bulletin MS04-037 to address this vulnerability. Microsoft credits Yorick Koster of ITsec Security Services providing information regarding this vulnerability.
This document was written by Jeff Gennari.
Other Information
| CVE IDs: | CVE-2004-0214 |
| Severity Metric: | 27.11 |
| Date Public: | 2004-10-12 |
| Date First Published: | 2004-11-23 |
| Date Last Updated: | 2004-11-23 20:10 UTC |
| Document Revision: | 60 |