Microsoft Windows XP Self-Executing Folder Vulnerability

Vulnerability ID: 1107950
Vulnerability type: Unknown
Published: 2004-05-17
Updated: 2006-04-12
CVE ID: CVE-2004-2289
CNNVD-ID: CNNVD-200412-186
Platform: Windows
CVSS score: 10.0
|Vulnerability sources
https://www.exploit-db.com/exploits/24125
https://www.securityfocus.com/bid/10363
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-186
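|Vulnerability details
A vulnerability exists in Explorer in Microsoft Windows XP. A local user can execute arbitrary code via a system folder containing a Desktop.ini file with a .ShellClassInfo specifier that carries a CLSID value associated with an executable file.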
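A defender-side sweep for the condition described above, as an added example that is not part of the original advisory: it walks a directory tree and lists every folder whose desktop.ini sets a CLSID-type key under [.ShellClassInfo]. The function names, the sample file and the all-zero placeholder CLSID are constructed for illustration; a hit is a lead for review, since the script does not resolve what the CLSID points to.

```python
import os
import sys

# Constructed sample desktop.ini; the all-zero CLSID is a placeholder,
# not a value taken from the advisory.
SAMPLE = "[.ShellClassInfo]\r\nCLSID={00000000-0000-0000-0000-000000000000}\r\n[ViewState]\r\nMode=\r\n"

def read_ini_text(path):
    """Decode desktop.ini, which may be UTF-16/UTF-8 with a BOM or plain ANSI."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    if raw[:3] == b"\xef\xbb\xbf":
        return raw[3:].decode("utf-8", errors="replace")
    return raw.decode("latin-1")  # lossless for any single-byte code page

def shellclassinfo_clsids(text):
    """Return {key: value} for CLSID-type keys inside [.ShellClassInfo] only."""
    found, in_section = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[.shellclassinfo]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if "clsid" in key.lower():
                found[key] = value
    return found

def scan(root):
    """Walk root and list (folder, clsid_keys) for each desktop.ini that sets one."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == "desktop.ini":
                try:
                    clsids = shellclassinfo_clsids(read_ini_text(os.path.join(dirpath, name)))
                except OSError:
                    continue  # unreadable file: skip rather than abort the sweep
                if clsids:
                    hits.append((dirpath, clsids))
    return hits

if __name__ == "__main__":
    print(shellclassinfo_clsids(SAMPLE))  # parse the constructed sample
    for folder, clsids in (scan(sys.argv[1]) if len(sys.argv) > 1 else []):
        print(folder, clsids)
```

Pass a share or profile root as the first argument to sweep it; with no argument only the constructed sample is parsed.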
|Exploit
source: http://www.securityfocus.com/bid/10363/info

A vulnerability has been reported in Microsoft Windows XP that may cause malicious code to run in the context of the currently logged-in user. The flaw exists in Windows Explorer and may allow executable content that is referenced from inside a folder to run automatically when the folder is accessed. 

This vulnerability poses a security risk since users assume that opening a folder is a safe action and that executable content cannot be run when a folder is accessed. Additionally, attackers may be able to exploit this issue remotely if the malicious folder is accessed from an SMB share. 

The reporter of this issue has provided a proof-of-concept exploit that executes NetMeeting and installs a keylogger on a vulnerable system.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/24125.zip
|Affected products
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Tablet PC Edition SP1
Microsoft Windows XP Tablet PC Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Wind
|References

Source: XF
Name: winxp-explorer-code-execution(16171)
Link: http://xforce.iss.net/xforce/xfdb/16171
Source: BID
Name: 10363
Link: http://www.securityfocus.com/bid/10363
Source: OSVDB
Name: 6221
Link: http://www.osvdb.org/6221
Source: www.freewebs.com
Link: http://www.freewebs.com/roozbeh_afrasiabi/xploit/execute.htm
Source: SECUNIA
Name: 11633
Link: http://secunia.com/advisories/11633
Source: BUGTRAQ
Name: 20040517 Desktop.ini flaw results in executing folders
Link: http://archives.neohapsis.com/archives/bugtraq/2004-05/0168.html
Source: MS
Name: MS06-015
Link: http://www.microsoft.com/technet/security/bulletin/ms06-015.mspx