A buffer overflow vulnerability in the Windows shell could lead to the execution of malicious code with the privileges of the logged-in user, according to security experts.
This could include the ability to add or delete files, communicate with websites, or even reformat the hard drive.
The vulnerability is the result of an unchecked buffer in a part of the Windows shell that helps to locate missing programs.
If a program failed to correctly uninstall itself and left behind a custom URL handler, it would be possible to invoke this function from a web page by using the 'orphaned' handler. An attacker could overrun this buffer and cause the execution of malicious code.
Most programs, such as Outlook, AOL Instant Messenger and Windows Media Player, install their own custom URL handlers so that functionality can be passed from a URL to the relevant program handler.
If such a program left a pointer to the URL handler behind when it was uninstalled, it could also leave a backdoor for hackers.
This vulnerability is primarily a local one affecting Windows 98, NT 4 and 2000 but, because of the integrated nature of Windows, it is possible to exploit it remotely using any program that supports URLs. For example, a malicious URL could be sent in an email or embedded in a web page.
If the code is exploited either locally or remotely, it will execute with the permissions of the user being attacked. So if the user executing the URL is Administrator, then the attack code will execute as Administrator.
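The orphaned handlers described above can be audited for. The following PowerShell script is an added example, not code from the original article or from Microsoft: it lists URL schemes registered under `HKEY_CLASSES_ROOT` (keys carrying a `URL Protocol` value, the standard Windows registration convention) whose `shell\open\command` target no longer exists on disk. It assumes a host with PowerShell available; the function names and status labels are hypothetical.

```powershell
# Added example: flag URL protocol handlers whose registered program is missing.
function Resolve-HandlerExecutable {
    param([string]$Command)
    $text = [Environment]::ExpandEnvironmentVariables("$Command").Trim()
    if (-not $text) { return $null }
    # Quoted form: "C:\Program Files\App\app.exe" "%1"
    if ($text -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted paths may contain spaces: extend the candidate one token at a time.
    $tokens = $text -split '\s+'
    for ($i = 0; $i -lt $tokens.Count; $i++) {
        $candidate = $tokens[0..$i] -join ' '
        if ([System.IO.File]::Exists($candidate)) { return $candidate }
    }
    return $tokens[0]
}

function Test-ExecutablePresent {
    param([string]$Path)
    if (-not $Path) { return $false }
    if ([System.IO.File]::Exists($Path)) { return $true }
    # Bare names such as rundll32.exe are resolved through PATH.
    $found = Get-Command -Name $Path -CommandType Application -ErrorAction SilentlyContinue
    return [bool]$found
}

Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT' -ErrorAction SilentlyContinue |
ForEach-Object {
    $key = $_
    # A scheme is a URL handler when its key carries a "URL Protocol" value.
    if ($key.GetValueNames() -notcontains 'URL Protocol') { return }
    $sub = $key.OpenSubKey('shell\open\command')
    $command = if ($sub) { [string]$sub.GetValue('') } else { '' }
    $exe = Resolve-HandlerExecutable $command
    $status = if (-not $command) {
        'NoOpenCommand'   # can be legitimate; review by hand
    } elseif (Test-ExecutablePresent $exe) {
        'OK'
    } else {
        'Orphaned'        # handler still registered, program gone
    }
    [pscustomobject]@{ Scheme = $key.PSChildName; Status = $status; Command = $command }
} | Where-Object { $_.Status -ne 'OK' } |
    Sort-Object Status, Scheme |
    Format-Table -AutoSize -Wrap
```

Entries reported as `Orphaned` are candidates for removal once the owning program is confirmed to be uninstalled.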