Microsoft Home
   Alle Produkte   |   Support   |   Suche   |   Microsoft.com Guide  
Microsoft.com Home Page
  Home     Knowledge Base Suche     Produktauswahl     Downloads     Newsgroups     Kontakt  
  Seite empfehlen   
  Drucken   
  Hilfe   


Unchecked Buffer in Windows Shell Could Lead to Code Running (Q313829)


The information in this article applies to:

  • Microsoft Windows versions 2000 , 2000 SP1 , 2000 SP2 , Professional
  • Microsoft Windows versions 2000 , 2000 SP1 , 2000 SP2 , Server
  • Microsoft Windows versions 2000 , 2000 SP1 , 2000 SP2 , Advanced Server
  • Microsoft Windows NT Server versions 4.0 , 4.0 SP1 , 4.0 SP2 , 4.0 SP3 , 4.0 SP4 , 4.0 SP5 , 4.0 SP6a
  • Microsoft Windows NT Server, Enterprise Edition versions 4.0 , 4.0 SP4 , 4.0 SP5 , 4.0 SP6a
  • Microsoft Windows NT Workstation versions 4.0 , 4.0 SP1 , 4.0 SP2 , 4.0 SP3 , 4.0 SP4 , 4.0 SP5 , 4.0 SP6a
  • Microsoft Windows NT Server versions 4.0 , 4.0 SP4 , 4.0 SP5 , 4.0 SP6 , , Terminal Server Edition
  • Microsoft Windows 98 Second Edition



SYMPTOMS

If a program that uses a URL-handler shell extension is incompletely or incorrectly removed, a malicious user may be able to mount a "buffer overrun" attack on the computer. This attack, if successful, could allow malicious code to run on the computer.


CAUSE

This vulnerability occurs because a Windows component that helps to locate incompletely-removed programs contains an unchecked buffer.

If a program is deleted, or incorrectly removed, a "handler" for that program remains in the Windows registry. A malicious code segment that submits invalid data to this handler can cause the Windows shell to stop responding (hang), or can allow other code to run on the computer in the context of the currently-logged-on user account.

NOTE : This vulnerability does not occur when a program is uninstalled. When a program is uninstalled, Windows un-registers the program handler.


RESOLUTION

Windows 2000

A supported fix is now available from Microsoft, but it is only intended to correct the problem described in this article and should be applied only to systems that are determined to be at risk of attack. Please evaluate your computer's physical accessibility, network and Internet connectivity, and other factors to determine the degree of risk to your computer. Please see the associated Microsoft Security Bulletin to help make this determination. This fix may receive additional testing at a later time, to further ensure product quality. If your computer is sufficiently at risk, Microsoft recommends that you apply this fix now. Otherwise, wait for the next Windows 2000 service pack that contains this fix.

To resolve this problem immediately, download the fix as instructed below or contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://support.microsoft.com/directory/overview.asp
NOTE : In special cases, charges that are normally incurred for support calls may be canceled, if a Microsoft Support Professional determines that a specific update will resolve your problem. Normal support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The following file is available for download from the Microsoft Download Center:
[GRAPHIC: 
Download
] Download the Q313829 package now
Release Date: March 7, 2002

For additional information about how to download Microsoft Support files, click the article number below to view the article in the Microsoft Knowledge Base:
Q119591 How to Obtain Microsoft Support Files from Online Services
Microsoft used the most current virus detection software available on the date of posting to scan this file for viruses. Once posted, the file is housed on secure servers that prevent any unauthorized changes to the file.

The English version of this fix should have the following file attributes or later:
   GMT-UTC Date Time   Version         Size       File name
   ----------------------------------------------------------
   03-Dec-2001  21:35  5.00.3502.4718  2,338,576  Shell32.dll      

back to the top

Windows NT 4.0

A supported fix is now available from Microsoft, but it is only intended to correct the problem described in this article and should be applied only to systems that are determined to be at risk of attack. Please evaluate your computer's physical accessibility, network and Internet connectivity, and other factors to determine the degree of risk to your computer. Please see the associated Microsoft Security Bulletin to help make this determination. This fix may receive additional testing at a later time, to further ensure product quality. If your computer is sufficiently at risk, Microsoft recommends that you apply this fix now.

To resolve this problem immediately, download the fix as instructed below or contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://support.microsoft.com/directory/overview.asp
NOTE : In special cases, charges that are normally incurred for support calls may be canceled, if a Microsoft Support Professional determines that a specific update will resolve your problem. Normal support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The following file is available for download from the Microsoft Download Center:
[GRAPHIC: 
Download
] Download the Q313829 package now
Release Date: March 7, 2002

For additional information about how to download Microsoft Support files, click the article number below to view the article in the Microsoft Knowledge Base:
Q119591 How to Obtain Microsoft Support Files from Online Services
Microsoft used the most current virus detection software available on the date of posting to scan this file for viruses. Once posted, the file is housed on secure servers that prevent any unauthorized changes to the file.

The English version of this fix should have the following file attributes or later:
   GMT-UTC Date Time   Version  Size       File name
   ---------------------------------------------------
   10-Dec-2001  17:53  4.00     1,280,784  Shell32.dll

back to the top

Windows NT Server 4.0, Terminal Server Edition

A supported fix is now available from Microsoft, but it is only intended to correct the problem described in this article and should be applied only to systems that are determined to be at risk of attack. Please evaluate your computer's physical accessibility, network and Internet connectivity, and other factors to determine the degree of risk to your computer. Please see the associated Microsoft Security Bulletin to help make this determination. This fix may receive additional testing at a later time, to further ensure product quality. If your computer is sufficiently at risk, Microsoft recommends that you apply this fix now.

To resolve this problem immediately, download the fix as instructed below or contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://support.microsoft.com/directory/overview.asp
NOTE : In special cases, charges that are normally incurred for support calls may be canceled, if a Microsoft Support Professional determines that a specific update will resolve your problem. Normal support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The following file is available for download from the Microsoft Download Center:
[GRAPHIC: 
Download
] Download the Q313829 package now
Release Date: March 7, 2002

For additional information about how to download Microsoft Support files, click the article number below to view the article in the Microsoft Knowledge Base:
Q119591 How to Obtain Microsoft Support Files from Online Services
Microsoft used the most current virus detection software available on the date of posting to scan this file for viruses. Once posted, the file is housed on secure servers that prevent any unauthorized changes to the file.

The English version of this fix should have the following file attributes or later:
   GMT-UTC Date Time   Version  Size       File name
   ---------------------------------------------------
   19-Jan-2002  00:25  4.00     1,300,752  Shell32.dll      

back to the top

Windows NT 4.0 with Active Directory, Windows 98, and Windows 98 Second Edition

A supported fix is now available from Microsoft, but it is only intended to correct the problem described in this article and should be applied only to systems that are determined to be at risk of attack. Please evaluate your computer's physical accessibility, network and Internet connectivity, and other factors to determine the degree of risk to your computer. Please see the associated Microsoft Security Bulletin to help make this determination. This fix may receive additional testing at a later time, to further ensure product quality. If your computer is sufficiently at risk, Microsoft recommends that you apply this fix now.

To resolve this problem immediately, download the fix as instructed below or contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://support.microsoft.com/directory/overview.asp
NOTE : In special cases, charges that are normally incurred for support calls may be canceled, if a Microsoft Support Professional determines that a specific update will resolve your problem. Normal support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The following file is available for download from the Microsoft Download Center:
[GRAPHIC: 
Download
] Download the Q313829 package now
Release Date: March 7, 2002

For additional information about how to download Microsoft Support files, click the article number below to view the article in the Microsoft Knowledge Base:
Q119591 How to Obtain Microsoft Support Files from Online Services
Microsoft used the most current virus detection software available on the date of posting to scan this file for viruses. Once posted, the file is housed on secure servers that prevent any unauthorized changes to the file.

The English version of this fix should have the following file attributes or later:
   GMT-UTC Date Time   Version        Size       File name
   ----------------------------------------------------------
   02-Jun-1998  16:00  4.72.3110.0       80,864  Advpack.dll      
   30-Nov-1997  22:59                    20,480  Prebind.exe      
   07-Dec-2001  04:25  4.72.3812.600  1,388,816  Shel95.dll       
   07-Dec-2001  05:23  4.72.3812.600  1,719,056  Shelnt.dll       
   02-Jun-1998  16:00  4.71.704.0         2,272  W95inf16.dll     
   02-Jun-1998  16:00  4.71.0016.0        4,608  W95inf32.dll     

back to the top


STATUS

Windows 2000

Microsoft has confirmed that this problem could result in some degree of security vulnerability in Microsoft Windows 2000.

Windows NT 4.0

Microsoft has confirmed that this problem could result in some degree of security vulnerability in Microsoft Windows NT 4.0.

Windows NT Server 4.0, Terminal Server Edition

Microsoft has confirmed that this problem could result in some degree of security vulnerability in Microsoft Windows NT Server 4.0, Terminal Server Edition.

Windows 98 and Windows 98 Second Edition

Microsoft has confirmed that this problem could result in some degree of security vulnerability in Microsoft Windows 98 and Microsoft Windows 98 Second Edition.


MORE INFORMATION

The Windows Shell provides the basic framework and functionality of the Windows user interface (UI). It is most familiar to users as the Windows desktop, but also provides other functions that help to define the user's Windows session. These functions include organizing files and folders, and providing the means to run programs. Shell extensions are programs that you can install to add to the functionality of Windows Explorer. Explorer is designed to respond in specific ways when a user completes various functions within its shell. When you click an item, Explorer searches for any program modules that have been registered for that event, and if one exists, it attempts to load that module. If the Windows shell is compromised, Windows may stop responding (hang), or control may be taken by a malicious program.

For additional information about this vulnerability, please visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/MS02-014.asp
For additional information about how to obtain a hotfix for Windows 2000 Datacenter Server, click the article number below to view the article in the Microsoft Knowledge Base:
Q265173 The Datacenter Program and Windows 2000 Datacenter Server Product
For additional information about how to install multiple hotfixes with only one reboot, click the article number below to view the article in the Microsoft Knowledge Base:
Q296861 Use QChain.exe to Install Multiple Hotfixes with One Reboot


Published Mar 14 2002 5:35PM Issue Type kbbug
Last Modifed Mar 14 2002 5:35PM Additional Query Words security_patch crash
Keywords kbenv kbtool kbSecurity kbWinNT400PreSP7Fix kbWin2000PreSP3Fix

COMMENTS?

If you would like to briefly comment on this article, you can enter your remarks in the space below (up to 255 characters).


Submit Comments

Seite empfehlen  | Drucken  | Hilfe 
 © 2002 Microsoft Corporation. Alle Rechte vorbehalten. Rechtliche Hinweise.  Informationen zum Datenschutz