'Shell' access flaw hits Microsoft products Staff

A remote, critical security bypass flaw affecting Microsoft Word 2002 and MSN Messenger 6.x is closely related to a Mozilla browser flaw announced last week.

Vulnerability researcher Jesse Ruderman reported a flaw that could allow an attacker

    Requires Free Membership to View

to access the Windows "shell:" functionality. In this case, the programs fail to restrict access to the "shell:" URI handler, which could enable an attacker to invoke various programs associated with specific extensions. It's not possible to pass parameters to these programs, only filenames, thus limiting the impact of launching applications, security research company Secunia said.

The Windows "shell:" URI handler is inherently insecure and should only be accessed from a few trusted sources, according to the advisory. It may even pose a threat through Word documents, Secunia reported. Multiple exploits in Internet Explorer also utilize "shell:" functionality.

Users are advised not to follow links in MSN Messenger or those from Word documents originating from untrusted sources.

This vulnerability is similar to a flaw in Mozilla's Application Suite, Firefox and Thunderbird products running on Windows XP. Mozilla issued a fix last week, but some are questioning its effectiveness.

"Mozilla's 'patch' for the shell protocol security issue is merely a global configuration change, but is it enough?" asked security researcher Aviv Raff in a posting to a security mailing list. "If an attacker has a file writing access to the user's default profile directory, or somehow manages to update/create the file user.js (or even worse -- mozilla.cfg) he can override the patch's configuration change and enable the shell protocol handler again.

"Trying to apply the patch again won't override the attacker's configuration change, and doing it manually through the about:config interface will be enough only until the user closes the browser," added Raff.

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: