TITLE:
Microsoft Windows Object Packager Dialog Spoofing Vulnerability

SECUNIA ADVISORY ID:
SA20717

VERIFY ADVISORY:
http://secunia.com/advisories/20717/

CRITICAL:
Less critical

IMPACT:
Spoofing, System access

WHERE:
From remote

OPERATING SYSTEM:
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows XP Professional
http://secunia.com/product/22/

DESCRIPTION:
Secunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to conduct spoofing attacks.

The vulnerability is caused by an input validation error in the Object Packager (packager.exe) in the handling of the "Command Line" property. This can be exploited to spoof the filename and the associated file type in the Packager security dialog by including a "/" (slash) character in the "Command Line" property.

Example:
cmd /c [shell command] /[file].txt

This can further be exploited to execute arbitrary shell commands on a user's system by tricking the user into opening and interacting with a malicious document, e.g. a Rich Text document or Word document containing an embedded Package object, in e.g. WordPad.

SOLUTION:
Apply patches.

Microsoft Windows XP (with SP1 or SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=86c2b78e-53bf-4ddd-88f6-5d12c6d18c90

Microsoft Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2ac72356-7772-41b6-b4a6-7215c89f7347

Microsoft Windows Server 2003 (with or without SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=e2f5b9f9-4481-44f9-9aef-1af0afae8319

Microsoft Windows Server 2003 for Itanium-based Systems (with or without SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=8c9a22a6-bd61-4fd4-9aa4-012d745046da

Microsoft Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=ec4f4f72-8467-4964-ad28-ed9ea7562e0b

PROVIDED AND/OR DISCOVERED BY:
Andreas Sandblad, Secunia Research.

ORIGINAL ADVISORY:
MS06-065 (KB924496):
http://www.microsoft.com/technet/security/Bulletin/MS06-065.mspx
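
A triage check for "Command Line" strings already extracted from embedded Package objects, added here as an example and not part of the Secunia advisory or the vendor patch. It assumes the spoofed name is the text after the last "/", as the example in the DESCRIPTION suggests; the launcher and extension lists and the function names are illustrative assumptions.

```python
import ntpath

# Assumption: program names that start a shell or script host, not a document.
LAUNCHERS = {"cmd", "command", "powershell", "wscript", "cscript", "mshta"}
EXE_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif"}
# Assumption: extensions a user is likely to read as a harmless document.
DOC_EXTS = {".txt", ".doc", ".rtf", ".pdf", ".jpg", ".gif", ".bmp"}


def split_program(command_line):
    """Split into (program, arguments), honouring a quoted program path."""
    s = command_line.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:], "") if end == -1 else (s[1:end], s[end + 1:])
    parts = s.split(None, 1)
    return (parts[0] if parts else "", parts[1] if len(parts) > 1 else "")


def check_command_line(command_line):
    """Report whether the text after the last "/" names a document while
    the program that would actually run is a shell or an executable."""
    program, args = split_program(command_line)
    base = ntpath.basename(program).lower()
    name, ext = ntpath.splitext(base)
    runs_program = ext in EXE_EXTS or (ext == "" and name in LAUNCHERS)
    tail = args.rsplit("/", 1)[1].strip().strip('"') if "/" in args else None
    tail_ext = ntpath.splitext(tail)[1].lower() if tail else ""
    return {
        "program": base,
        "displayed_tail": tail,
        "suspicious": runs_program and tail_ext in DOC_EXTS,
    }


if __name__ == "__main__":
    # Constructed sample strings, as extracted from embedded Package objects.
    samples = [
        "cmd /c echo hello /notes.txt",
        "cmd /c dir",
        r"C:\docs\readme.txt",
    ]
    for s in samples:
        print(check_command_line(s), "<-", s)
```

A hit means the object deserves manual review; the heuristic does not replace applying the patches listed under SOLUTION.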