Very Nasty Unpatched Windows vuln.

Apr 23rd, 2005

Category: Vulnerability Management

File Selection May Lead to Command Execution
This vulnerability doesn’t look too bad at first. If you can persuade someone to highlight a file in Windows Explorer, it executes some arbitrary code, which it seems can do most things. However, you’d have to get people to download the file anyway for it to work as a virus/worm, which isn’t too likely (you’d hope, after years of that kind of thing doing the rounds on the ‘net).
Then I got to thinking, what about a completely different attack scenario… Joe, the disgruntled employee, could go through the corporate file store adding malicious author fields to Word files or the like; then, as soon as one of his co-workers clicks the file, the JavaScript runs and actions are taken that look like the person clicking the file carried them out. (And if Joe’s got any sense, the first one would be to change the author field, removing any evidence of his modification…)
This would be hard to catch unless things like A-V scanners get a signature for it (which might be tough). Changes to document metadata don’t usually show up in things like security logs, and in many companies people have access to a lot of docs, so it might not be discovered for a long time…
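As a stopgap for the detection gap described above, here is an added example (not part of the original post) that sweeps a file store for legacy Office files containing script-style markup. The marker list, the extension list and the sample files are assumptions made for this sketch, not a vendor signature.

```python
import os
import tempfile

# Markup that has no business appearing in a document property such as Author.
# Heuristic list assumed for this example, not a vendor signature.
MARKERS = ("<script", "javascript:", "<iframe", "<object")

def _patterns():
    """Yield each marker as ASCII and UTF-16LE bytes; strings in legacy
    Office files may be stored either way."""
    for m in MARKERS:
        yield m, m.encode("ascii")
        yield m, m.encode("utf-16-le")

def scan_bytes(data):
    """Return the sorted markers found in data, ignoring ASCII letter case."""
    lowered = data.lower()
    return sorted({name for name, pat in _patterns() if pat in lowered})

def scan_tree(root, exts=(".doc", ".xls", ".ppt")):
    """Walk root and return {relative_path: [markers]} for flagged files."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(exts):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    found = scan_bytes(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if found:
                hits[os.path.relpath(path, root)] = found
    return hits

def demo():
    """Build two constructed sample files and scan them."""
    with tempfile.TemporaryDirectory() as root:
        clean = b"\xd0\xcf\x11\xe0" + b"Author\x00Jane Smith\x00"
        odd = b"\xd0\xcf\x11\xe0" + "<SCRIPT>".encode("utf-16-le")
        for name, body in (("clean.doc", clean), ("odd.doc", odd)):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

The scan covers the whole file rather than just the property fields, so a document that legitimately quotes HTML in its body will also be flagged; treat hits as leads for manual review.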
Another interesting point in relation to this vuln. and the unpatched Jet engine one is how long it will take Microsoft to get a patch out, and whether they will release it outside the monthly schedule they usually use.
