"In order to exploit the vulnerability the user would have to open an .rtf file and then click on an embedded object within the file. After clicking on the object the user would then have to click on the embedded object within the file and accept a misleading dialogue indicating that the user is about access a different file type."
----- Original Message ----- TITLE: Microsoft Windows Object Packager Dialog Spoofing Vulnerability SECUNIA ADVISORY ID: SA20717 VERIFY ADVISORY: http://secunia.com/advisories/20717/ CRITICAL: Less critical IMPACT: Spoofing, System access WHERE: >From remote OPERATING SYSTEM: Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/ Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/ Microsoft Windows XP Professional http://secunia.com/product/22/ DESCRIPTION: Secunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to conduct spoofing attacks. The vulnerability is caused due to an input validation error in the Object Packager (packager.exe) in the handling of the "Command Line" property. This can be exploited to spoof the filename and the associated file type in the Packager security dialog by including a "/" slash character in the "Command Line" property. Example: cmd /c [shell command] /[file].txt This can further be exploited to execute arbitrary shell commands on a user's system by tricking a user into opening and interacting with e.g. a malicious Rich Text document or Word document containing an embedded Package object in e.g. WordPad. SOLUTION: Apply patches. Microsoft Windows XP (with SP1 or SP2): http://www.microsoft.com/downloads/details.aspx?FamilyId=86c2b78e-53bf-4ddd-88f6-5d12c6d18c90 Microsoft Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=2ac72356-7772-41b6-b4a6-7215c89f7347 Microsoft Windows Server 2003 (with or without SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=e2f5b9f9-4481-44f9-9aef-1af0afae8319 Microsoft Windows Server 2003 for Itanium-based Systems (with or without SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=8c9a22a6-bd61-4fd4-9aa4-012d745046da Microsoft Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=ec4f4f72-8467-4964-ad28-ed9ea7562e0b ORIGINAL ADVISORY: MS06-065 (KB924496): http://www.microsoft.com/technet/security/Bulletin/MS06-065.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
