Microsoft Windows Object Packager File Extension Dialog Spoofing

2006-10-10T16:34:40
ID OSVDB:29424
Type osvdb
Reporter Andreas Sandblad
Modified 2006-10-10T16:34:40

Description

Vulnerability Description

Microsoft Windows Object Packager contains a flaw that may allow a malicious user to spoof the filename and the associated file type shown in the Packager security dialog. The issue is triggered when a slash character ('/') is included in the 'Command Line' property. It is possible that the flaw may allow execution of arbitrary shell commands, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft Corporation has released a patch to address this vulnerability.

Short Description

Microsoft Windows Object Packager contains a flaw that may allow a malicious user to spoof the filename and the associated file type shown in the Packager security dialog. The issue is triggered when a slash character ('/') is included in the 'Command Line' property. It is possible that the flaw may allow execution of arbitrary shell commands, resulting in a loss of integrity.

Manual Testing Notes

cmd.exe /c [shell command] /[file].txt

References:

Security Tracker: 1017037
Secunia Advisory ID: 20717
Other Advisory URL: http://secunia.com/secunia_research/2006-54/advisory/
OVAL ID: 496
Microsoft Security Bulletin: MS06-065
Microsoft Knowledge Base Article: 924496
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0231.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0158.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0236.html
Keyword: aka "Object Packager Dialogue Spoofing Vulnerability"
FrSIRT Advisory: ADV-2006-3984
CVE: CVE-2006-4692
CERT VU: 703936
Bugtraq ID: 20318