Full Disclosure mailing list archives

Re: MORE CRITICAL FLAWS IN MS WINDOWS EXPLORER


From: vh <vh () helith net>
Date: Wed, 12 Jan 2005 01:35:38 +0100

On Wed, 12 Jan 2005 06:52:04 +0800
"Team Pwnge" <team_pwn4ge () outgun com> wrote:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TEAM PWN4GE Security Advisory                                    PWNED
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: HIGH
     Title: EXPLORER: Vulnerability in all versions of Windows Explorer
      Date: January 11, 2005

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple overflows have been found in Windows Explorer, potentially
allowing a remote user to open Explorer and run files remotely.


Background
==========

Windows Explorer is an advanced browsing tool made by Microsoft. It
is used in daily tasks to open folders, copy files, delete files,
rename files and view files on a system. It is the foundation of the
World Wide Web and used by billions worldwide. It runs on an array of
machines.


Affected versions
=================

All versions of Windows' Explorer are vulnerable.

Description
===========

Shogun Suzuki discovered that a remote user can connect to any
machine via numerous exploits and use Windows Explorer to view files,
rename files, delete files, change permissions on files stored on a
remote machine that has been pwned.

Impact
======

A remote attacker could install something similar to PCAnywhere
after exploiting Windows and use Windows' Explorer to view, copy
and/or open any file on a victim's machine.

Workaround
==========

On a command prompt: del C:\WINDOWS\explorer.exe

Isn't explorer the program which "shows" you the desktop?
Just a clue: Use Open-, Net- or FreeBSD.
These OSs are good enough for all the normal tasks you have to do.

Real Workaround: Change the OS.
There's no other way, or do you like to wait
5 months for a patch? You have to wait at least 4 weeks because MS don't
provide patches just because there's something critical. Oh no.. they have
their "Patch-Day". Something like a game-show but even worse,
because you don't get patches for all holes even if you did everything
right.

License
=======

Copyright 2005 TEAM PWN4GE

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

Mails are FREE...
But sometimes Linux-Users need licenses for everything...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

