View Full Version : XP Shell Vulnerability Threatens Systems.

19 Dec 2002, 20:23
Hate to do a copy/paste but im patching and things are slow.

A security vulnerability in the Windows XP shell could compromise user systems, letting attackers take over machines and run malicious code. The vulnerability affects all XP versions--XP Home Edition, XP Professional Edition (including the 64-bit version), XP Media Center Edition, and XP Tablet PC Edition--and takes advantage of an XP feature that lets the system extract information from audio files in MP3 and Windows Media Audio (WMA) formats.
"An unchecked buffer exists in one of the functions used by the Windows Shell to extract custom attribute information from audio files," a Microsoft security bulletin that describes the vulnerability reads. "A security vulnerability results because it is possible for a malicious user to mount a buffer overrun attack and attempt to exploit this flaw."

An attacker could use the vulnerability to create a bogus or compromised audio file that contains executable code that's accessible through the file's metadata information. A user can trigger the code by retrieving the file from a file-sharing service, through email, or from some other online location, then holding the cursor over the file in the Windows Explorer shell. Malicious code in the file could crash the shell or unleash an attack that creates, modifies, or deletes data; reconfigures the system; or reformats the hard disk. Although security researchers originally viewed this problem as a Windows Media Player (WMP) vulnerability, Microsoft says the vulnerability is in the XP shell, not in the player.

XP users who have enabled Auto Update are already protected against this vulnerability. Other XP users can download a fix from Windows Update.

Read more (http://www.microsoft.com/technet/security/bulletin/ms02-072.asp)

19 Dec 2002, 20:32
well....just downloaded the latest updates 30 mins ago! looks like im ahead fo the game:)

19 Dec 2002, 20:37
/me is happy he put Windows 2000 on instead of XP after formatting and that his iBook suffers from virtually no virus threats or security holes :D

19 Dec 2002, 20:40
Mac OS is lessed used so naturally your not ganna have as many bugs found :p.

19 Dec 2002, 20:57
Windows 2000 has more secruity holes than Courtney Love's Personalitly.

19 Dec 2002, 21:23
Originally posted by Anime-loo
Mac OS is lessed used so naturally your not ganna have as many bugs found :p.

OS X is Unix. Bow down!

19 Dec 2002, 23:17
Its not pure unix, and it begin unix in no way means it has more or less bugs then windows. Im no M$ fan myself, and the point of Mac OX X begin unix in no way effects that fact that it is less common. Thus less bugs will be found. Fact is that if more people used a Mac, there would be more bugs found.