34 matches found
The vulnerability of the Windows Shell component of the Windows operating system, which allows a hacker to execute arbitrary code
The vulnerability of the Windows Shell component of the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page from a remote location...
The vulnerability of the Windows Shell component of the Windows operating system, which allows a hacker to execute arbitrary code
The vulnerability of the Windows Shell component of the Windows operating system exists due to insufficient checking of file copy addresses. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code in the context of the current user, using specially...
MS08-038: Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)
The remote version of Windows contains a version of the Windows Shell that contains a vulnerability in the way it handles saved searches. An attacker might use this flaw to trick an administrator to execute a saved search and therefore execute arbitrary commands on his behalf. C Tenable Network...
MS07-006: Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255)
The remote version of Windows contains a version of the Windows Shell that contains a vulnerability in the way it performs detection and registration of new hardware. An authenticated user may exploit this vulnerability to elevate his privileges. Tenable Network Security, Inc. include"compat.inc"...
CVE-2006-0012
CVE-2006-0012 is a Windows Shell vulnerability in which Windows Explorer could incorrectly handle COM objects, enabling remote code execution if a user visits a malicious Web site or opens crafted files/directories. Affected products include Windows 2000 SP4, XP SP1/SP2, and Windows Server 2003 S...
MS05-016: Vulnerability in Windows Shell (893086)
The remote version of Windows contains a flaw in the Windows Shell that could allow an attacker to elevate his privileges and/or execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to lure a victim into visiting a malicious website or into opening a malicious...
MS05-008: Vulnerability in Windows Shell (890047)
The remote version of Windows contains a flaw in the Windows Shell that could allow an attacker to elevate his privileges and/or execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to lure a victim into visiting a malicious website or opening a malicious file...
Windows Shell buffer overflow
No description provided...
Windows Shell file type spoofing
By using class id in content-disposition it's possible ti spoof file type. Content-Disposition: attachment; filename=malware.3050f4d8-98B5- 11CF-BB82-00AA00BDCE0Bfunballgitespiethrow2Empeg"...
Microsoft Security Bulletin MS04-024
Microsoft Security Bulletin MS04-024 Vulnerability in Windows Shell Could Allow Remote Code Execution 839645 Issued: July 13, 2004 Version: 1.2 Summary Who should read this document: Customers who use Microsoft® Windows® Impact of Vulnerability: Remote Code Execution Maximum Severity Rating:...
MS04-024: Buffer overrun in Windows Shell (839645)
The remote host is running a version of Windows that has a flaw in its shell. An attacker could persuade a user on the remote host to execute a rogue program by using a CLSID instead of a file type, thus fooling the user into thinking that he will not execute an application but simply open a...
CVE-2004-0420
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 ...
CVE-2004-0420
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 ...
ADVISORY: Windows Shell Overflow
Windows Shell Overflow Release Date: March 8, 2002 Severity: Medium Systems Affected: Microsoft Windows 98 Microsoft Windows 98 Second Edition Microsoft Windows NT 4.0 Microsoft Windows NT 4.0 Terminal Server Edition Microsoft Windows 2000 Description: There exists a buffer overflow vulnerability...