
  • Remote Code Execution Vulnerability in Microsoft Windows File Handling Component

    Severity Rating: HIGH

    Systems Affected

    Windows XP SP3 and Professional x64 Edition SP2
    Windows Vista SP2 and x64 Edition SP2
    Windows Server 2003 SP2, x64 Edition SP2 and SP2 for Itanium-based Systems
    Windows Server 2008 SP2, x64 Edition SP2 and SP2 for Itanium-based Systems
    Windows Server 2008 R2 x64-based Systems SP1 and for Itanium-based Systems
    Windows 7 SP1 for 32-bit and x64-based Systems
    Windows 8 for 32-bit and x64 based Systems
    Windows 8.1 for 32-bit and x64 based Systems
    Windows Server 2012
    Windows Server 2012 R2
    Windows RT
    Windows RT 8.1

    Overview

    A vulnerability has been reported in Microsoft Windows File Handling Component which could be exploited by a remote attacker to take complete control of the affected system.

    Description

    This vulnerability exists in Microsoft Windows file handling component due to improper path restriction while processing specially crafted .bat and .cmd files that are run from an external network. A remote attacker could exploit this vulnerability by convincing the user to visit a link that contains a malicious file.

    Successful exploitation of this vulnerability could result in execution of arbitrary code on the targeted system in context of the logged-on user.


    Workaround

    Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones.
    Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.

    Solution

    Apply appropriate patches as mentioned in Microsoft Security Bulletin MS14-019 / http://technet.microsoft.com/en-us/security/bulletin/ms14-019

    Vendor Information

    Microsoft
    http://technet.microsoft.com/en-us/s...letin/ms14-019


    References

    Microsoft
    http://technet.microsoft.com/en-us/s...letin/ms14-019


    Cisco
    http://tools.cisco.com/security/cent...?alertId=33581


    Secunia
    http://secunia.com/advisories/57642/


    Symantec
    http://www.symantec.com/security_res....jsp?bid=66619
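
One way to audit the workaround above on a host, as an added PowerShell example that is not part of the original advisory. It assumes Internet Explorer's standard zone registry layout (zone 1 = Local intranet, zone 3 = Internet; action 1400 = Active Scripting, 1200 = Run ActiveX controls and plug-ins; CurrentLevel 0x12000 = High) and reads policy hives before the user's own settings.

```powershell
# Added example: report whether the advisory's zone workaround is in effect
# for the current user. Requires Windows PowerShell 3.0 or later.
$zones   = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$actions = @{ '1400' = 'Active Scripting'; '1200' = 'Run ActiveX controls and plug-ins' }
$state   = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
# Values that satisfy the workaround: scripting may prompt or be disabled,
# ActiveX must be disabled ("blocked").
$ok      = @{ '1400' = @(1, 3); '1200' = @(3) }
$rel     = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# Assumed lookup order: machine policy, user policy, then user preference.
$hives = @(
    "HKLM:\SOFTWARE\Policies\$rel",
    "HKCU:\Software\Policies\$rel",
    "HKCU:\Software\$rel"
)

function Get-ZoneValue([int]$Zone, [string]$Name) {
    # Return the first hive that defines the value, with where it came from.
    foreach ($hive in $hives) {
        $item = Get-ItemProperty -Path "$hive\$Zone" -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Value = [int]$item.$Name; Source = $hive }
        }
    }
    return $null
}

$report = foreach ($z in ($zones.Keys | Sort-Object)) {
    $level = Get-ZoneValue $z 'CurrentLevel'
    foreach ($a in ($actions.Keys | Sort-Object)) {
        $v = Get-ZoneValue $z $a
        $text = if ($null -eq $v) { 'Not set' }
                elseif ($state.ContainsKey($v.Value)) { $state[$v.Value] }
                else { '0x{0:X}' -f $v.Value }
        [pscustomobject]@{
            Zone            = $zones[$z]
            Setting         = $actions[$a]
            State           = $text
            ZoneLevelHigh   = ($null -ne $level -and $level.Value -eq 0x12000)
            MeetsWorkaround = ($null -ne $v -and $ok[$a] -contains $v.Value)
            Source          = if ($null -ne $v) { $v.Source } else { '' }
        }
    }
}
$report | Format-Table -AutoSize
```

A row with `MeetsWorkaround` set to `False` means that zone still runs the setting without the restriction the workaround calls for; the workaround does not replace applying the MS14-019 patches.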
