Signature Detail

HTTP: Microsoft Windows Explorer Invalid url File Overflow

This signature detects attempts to exploit a known vulnerability in the Microsoft Windows Explorer. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted daemon.

Extended Description

Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers.

Affected Products

• microsoft windows_2003_server 3.1.0.3270
• microsoft windows_2003_server 64-bit
• microsoft windows_2003_server datacenter_64-bit (sp1)
• microsoft windows_2003_server datacenter_64-bit (sp1_beta_1)
• microsoft windows_2003_server datacenter_edition_64-bit (sp1)
• microsoft windows_2003_server datacenter_edition_64-bit (sp1_beta_1)
• microsoft windows_2003_server datacenter_edition (sp1)
• microsoft windows_2003_server datacenter_edition (sp1_beta_1)
• microsoft windows_2003_server enterprise
• microsoft windows_2003_server enterprise (:64-bit)
• microsoft windows_2003_server enterprise_64-bit (sp1)
• microsoft windows_2003_server enterprise_64-bit (sp1_beta_1)
• microsoft windows_2003_server enterprise_edition_64-bit (sp1)
• microsoft windows_2003_server enterprise_edition_64-bit (sp1_beta_1)
• microsoft windows_2003_server enterprise_edition (sp1)
• microsoft windows_2003_server enterprise_edition (sp1_beta_1)
• microsoft windows_2003_server enterprise (sp1)
• microsoft windows_2003_server enterprise (sp1_beta_1)
• microsoft windows_2003_server itanium
• microsoft windows_2003_server r2
• microsoft windows_2003_server r2 (:64-bit)
• microsoft windows_2003_server r2 (:datacenter_64-bit)
• microsoft windows_2003_server r2 (sp1)
• microsoft windows_2003_server r2 (sp1_beta_1)
• microsoft windows_2003_server sp1
• microsoft windows_2003_server sp1 (:enterprise)
• microsoft windows_2003_server sp1 (:itanium)
• microsoft windows_2003_server standard
• microsoft windows_2003_server standard (:64-bit)
• microsoft windows_2003_server standard_64-bit
• microsoft windows_2003_server standard (sp1)
• microsoft windows_2003_server standard (sp1_beta_1)
• microsoft windows_2003_server web (sp1)
• microsoft windows_2003_server web (sp1_beta_1)
• microsoft windows_xp (:64-bit)
• microsoft windows_xp (:embedded)
• microsoft windows_xp (gold)
• microsoft windows_xp (gold:home)
• microsoft windows_xp (gold:professional)
• microsoft windows_xp (:home)
• microsoft windows_xp ibm_oem_version (sp1)
• microsoft windows_xp (:media_center)
• microsoft windows_xp (sp1)
• microsoft windows_xp (sp1:64-bit)
• microsoft windows_xp (sp1:embedded)
• microsoft windows_xp (sp1:home)
• microsoft windows_xp (sp1:media_center)
• microsoft windows_xp (sp1:tablet_pc)
• microsoft windows_xp (sp2)
• microsoft windows_xp (sp2:home)
• microsoft windows_xp (sp2:media_center)
• microsoft windows_xp (sp2:tablet_pc)

References

• BugTraq: 18838
• CVE: CVE-2006-3351