[VulnWatch] xp sp2 weaknesses

From: Richie B. (richie_at_NO-SPAM-HERE.com)
Date: 08/18/04

Next message: Chris Wysopal: "[VulnWatch] Adobe Acrobat/Acrobat Reader ActiveX Control Buffer Overflow Vulnerability"

Previous message: GreyMagic Software: "[VulnWatch] Opera Local File/Directory Detection (GM#009-OP)"
Next in thread: hellNbak: "Re: [VulnWatch] xp sp2 weaknesses"
Reply: hellNbak: "Re: [VulnWatch] xp sp2 weaknesses"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 18 Aug 2004 10:20:53 +0200
To: vulnwatch@vulnwatch.org

I haven't seen this report here yet.

Flaws in SP2 security features
==============================

1) The command shell cmd.exe ignores the ZoneID of files.
2) Windows Explorer caches the result of ZoneID lookups. If a file is
overwritten, Explorer does not properly update this cached information
to reflect the new ZoneID. This allows spoofing of trusted or
non-existant ZoneIDs by overwriting files with trusted or non-existent
ZoneIDs.

URL: http://www.heise.de/security/artikel/50051

Cheers,

Richie

Next message: Chris Wysopal: "[VulnWatch] Adobe Acrobat/Acrobat Reader ActiveX Control Buffer Overflow Vulnerability"

Previous message: GreyMagic Software: "[VulnWatch] Opera Local File/Directory Detection (GM#009-OP)"
Next in thread: hellNbak: "Re: [VulnWatch] xp sp2 weaknesses"
Reply: hellNbak: "Re: [VulnWatch] xp sp2 weaknesses"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]