Update Protection against Microsoft Windows Explorer Invalid URL File Parsing Stack Overflow
| Check Point Reference: | CPAI-2006-260 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | SecurityFocus Bugtraq ID: 18838 | |
| Industry Reference(s): | CVE-2006-3351 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | ||
| Vulnerability Description The Microsoft Windows series of operating systems is one of the most popular systems in use on workstations, home computers, and servers. All versions of the OS include a graphical shell interface, called Windows Explorer. |
||
|
Vulnerability Details There exists a stack exhaustion vulnerability in Microsoft Windows Explorer. The flaw is caused by the improper parsing of URL strings contained within a .url file. An attacker can exploit this vulnerability by enticing a user to open a crafted .url file, resulting in abnormal termination of the affected program. The target application will usually terminate immediately as a result of an attack attempt. If the malicious file is stored on the Desktop of the active user, the application will continually read the file and terminate. In most cases, this renders the Windows operating system unusable until the file is manually removed. |
Protection Overview
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.