Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:IIS:WEBDAV:WINDOWS-SHELL |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Windows Shell File Name Code Execution |
Release Date |
2012/07/16 |
Update Number |
2161 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Microsoft Windows Shell File Name Code Execution
A vulnerability exists in Microsoft Windows Shell. The vulnerability is due to the way the Windows shell handles file and directory names. An attacker can exploit this vulnerability by enticing a user to open a file or directory with a specially crafted name. Successful exploitation could lead to arbitrary code execution in the security context of the target user.
Extended Description
Microsoft Windows is prone to a remote command-injection that affects the Windows Shell component vulnerability because it fails to adequately sanitize user-supplied input data. Attackers can exploit this issue to execute arbitrary shell commands with user-level privileges. This may facilitate the remote compromise of affected computers.
Affected Products
- Microsoft windows 7
- Microsoft windows_7_for_32-bit_systems SP1
- Microsoft windows_7_for_32-bit_systems
- Microsoft windows_7_for_itanium-based_systems SP1
- Microsoft windows_7_for_itanium-based_systems
- Microsoft windows_7_for_x64-based_systems SP1
- Microsoft windows_7_for_x64-based_systems
- Microsoft windows_7_home_premium - Sp1 X32
- Microsoft windows_7_home_premium - Sp1 X64
- Microsoft windows_7_home_premium
- Microsoft windows_7_professional
- Microsoft windows_server 2003
- Microsoft windows_server 2008
- Microsoft windows_server 2008 R2
- Microsoft windows_server_2003 Gold
- Microsoft windows_server_2003 Gold Compute Cluster
- Microsoft windows_server_2003 Gold Datacenter
- Microsoft windows_server_2003 Gold Enterprise
- Microsoft windows_server_2003 Gold Itanium
- Microsoft windows_server_2003 Gold Standard
- Microsoft windows_server_2003 Gold Storage
- Microsoft windows_server_2003 Gold X64
- Microsoft windows_server_2003 Gold X64-Datacenter
- Microsoft windows_server_2003 Gold X64-Enterprise
- Microsoft windows_server_2003 Gold X64-Standard
- Microsoft windows_server_2003_datacenter_edition SP1
- Microsoft windows_server_2003_datacenter_edition SP1 Beta 1
- Microsoft windows_server_2003_datacenter_edition
- Microsoft windows_server_2003_datacenter_edition_itanium SP1
- Microsoft windows_server_2003_datacenter_edition_itanium SP1 Beta 1
- Microsoft windows_server_2003_datacenter_edition_itanium
- Microsoft windows_server_2003_datacenter_x64_edition SP2
- Microsoft windows_server_2003_datacenter_x64_edition
- Microsoft windows_server_2003_enterprise_edition SP1
- Microsoft windows_server_2003_enterprise_edition SP1 Beta 1
- Microsoft windows_server_2003_enterprise_edition
- Microsoft windows_server_2003_enterprise_edition_itanium SP1
- Microsoft windows_server_2003_enterprise_edition_itanium SP1 Beta 1
- Microsoft windows_server_2003_enterprise_edition_itanium SP2
- Microsoft windows_server_2003_enterprise_edition_itanium Sp2 Itanium
- Microsoft windows_server_2003_enterprise_edition_itanium
- Microsoft windows_server_2003_enterprise_x64_edition SP2
- Microsoft windows_server_2003_enterprise_x64_edition
- Microsoft windows_server_2003_itanium SP1
- Microsoft windows_server_2003_itanium SP2
- Microsoft windows_server_2003_itanium
- Microsoft windows_server_2008 R2 SP1
- Microsoft windows_server_2008 - Sp2 Enterprise X64
- Microsoft windows_server_2008_datacenter_edition Release Candidate
- Microsoft windows_server_2008_datacenter_edition SP2
- Microsoft windows_server_2008_datacenter_edition
- Microsoft windows_server_2008_enterprise_edition Release Candidate
- Microsoft windows_server_2008_enterprise_edition SP2
- Microsoft windows_server_2008_enterprise_edition
- Microsoft windows_server_2008_for_32-bit_systems SP2
- Microsoft windows_server_2008_for_32-bit_systems
- Microsoft windows_server_2008_for_itanium-based_systems R2
- Microsoft windows_server_2008_for_itanium-based_systems SP2
- Microsoft windows_server_2008_for_itanium-based_systems
- Microsoft windows_server_2008_for_x64-based_systems R2
- Microsoft windows_server_2008_for_x64-based_systems SP2
- Microsoft windows_server_2008_for_x64-based_systems
- Microsoft windows_server_2008_r2_datacenter SP1
- Microsoft windows_server_2008_r2_datacenter
- Microsoft windows_server_2008_r2_enterprise_edition
- Microsoft windows_server_2008_r2_for_x64-based_systems SP1
- Microsoft windows_server_2008_r2_for_x64-based_systems
- Microsoft windows_server_2008_r2_itanium SP1
- Microsoft windows_server_2008_r2_itanium
- Microsoft windows_server_2008_r2_standard_edition
- Microsoft windows_server_2008_r2_x64 SP1
- Microsoft windows_server_2008_r2_x64
- Microsoft windows_server_2008_standard_edition - Gold
- Microsoft windows_server_2008_standard_edition - Gold Datacenter
- Microsoft windows_server_2008_standard_edition - Gold Enterprise
- Microsoft windows_server_2008_standard_edition - Gold Hpc
- Microsoft windows_server_2008_standard_edition - Gold Itanium
- Microsoft windows_server_2008_standard_edition - Gold Standard
- Microsoft windows_server_2008_standard_edition - Gold Storage
- Microsoft windows_server_2008_standard_edition - Gold Web
- Microsoft windows_server_2008_standard_edition Itanium
- Microsoft windows_server_2008_standard_edition R2
- Microsoft windows_server_2008_standard_edition R2 SP1
- Microsoft windows_server_2008_standard_edition Release Candidate
- Microsoft windows_server_2008_standard_edition SP2
- Microsoft windows_server_2008_standard_edition - Sp2 Hpc
- Microsoft windows_server_2008_standard_edition - Sp2 Storage
- Microsoft windows_server_2008_standard_edition - Sp2 Web
- Microsoft windows_server_2008_standard_edition X64
- Microsoft windows_server_2008_standard_edition
- Microsoft windows_server_2008_standard_edition
- Microsoft windows_vista Business
- Microsoft windows_vista Business SP1
- Microsoft windows_vista Business SP2
- Microsoft windows_vista Enterprise
- Microsoft windows_vista Enterprise SP1
- Microsoft windows_vista Enterprise SP2
- Microsoft windows_vista Home Basic
- Microsoft windows_vista Home Basic SP1
- Microsoft windows_vista Home Basic SP2
- Microsoft windows_vista Home Premium
- Microsoft windows_vista Home Premium SP1
- Microsoft windows_vista Home Premium SP2
- Microsoft windows_vista SP1
- Microsoft windows_vista SP2
- Microsoft windows_vista SP2 Beta
- Microsoft windows_vista Ultimate
- Microsoft windows_vista Ultimate SP1
- Microsoft windows_vista Ultimate SP2
- Microsoft windows_vista
- Microsoft windows_vista_business_64-bit_edition SP1
- Microsoft windows_vista_business_64-bit_edition Sp1 X64-Enterprise
- Microsoft windows_vista_business_64-bit_edition Sp1 X64-Home Premium
- Microsoft windows_vista_business_64-bit_edition Sp1 X64-Ultimate
- Microsoft windows_vista_business_64-bit_edition Sp1 X86-Enterprise
- Microsoft windows_vista_business_64-bit_edition Sp1 X86-Ultimate
- Microsoft windows_vista_business_64-bit_edition SP2
- Microsoft windows_vista_business_64-bit_edition X64-Enterprise
- Microsoft windows_vista_business_64-bit_edition X64-Ultimate
- Microsoft windows_vista_business_64-bit_edition X86-Enterprise
- Microsoft windows_vista_business_64-bit_edition X86-Ultimate
- Microsoft windows_vista_business_64-bit_edition
- Microsoft windows_vista_enterprise_64-bit_edition SP1
- Microsoft windows_vista_enterprise_64-bit_edition SP2
- Microsoft windows_vista_enterprise_64-bit_edition
- Microsoft windows_vista_home_basic_64-bit_edition SP1
- Microsoft windows_vista_home_basic_64-bit_edition Sp1 X64
- Microsoft windows_vista_home_basic_64-bit_edition SP2
- Microsoft windows_vista_home_basic_64-bit_edition Sp2 X64
- Microsoft windows_vista_home_basic_64-bit_edition
- Microsoft windows_vista_home_premium_64-bit_edition SP1
- Microsoft windows_vista_home_premium_64-bit_edition SP2
- Microsoft windows_vista_home_premium_64-bit_edition
- Microsoft windows_vista_service_pack_2
- Microsoft windows_vista_ultimate_64-bit_edition SP1
- Microsoft windows_vista_ultimate_64-bit_edition SP2
- Microsoft windows_vista_ultimate_64-bit_edition
- Microsoft windows_vista_x64_edition SP1
- Microsoft windows_vista_x64_edition SP2
- Microsoft windows_vista_x64_edition
- Microsoft windows_xp
- Microsoft windows_xp_64-bit_edition SP1
- Microsoft windows_xp_64-bit_edition
- Microsoft windows_xp_64-bit_edition_version_2003 SP1
- Microsoft windows_xp_64-bit_edition_version_2003
- Microsoft windows_xp_embedded SP1
- Microsoft windows_xp_embedded SP2
- Microsoft windows_xp_embedded SP3
- Microsoft windows_xp_embedded
- Microsoft windows_xp_home SP1
- Microsoft windows_xp_home SP2
- Microsoft windows_xp_home SP3
- Microsoft windows_xp_home
- Microsoft windows_xp_media_center_edition SP1
- Microsoft windows_xp_media_center_edition SP2
- Microsoft windows_xp_media_center_edition SP3
- Microsoft windows_xp_media_center_edition
- Microsoft windows_xp_professional SP1
- Microsoft windows_xp_professional SP2
- Microsoft windows_xp_professional SP3
- Microsoft windows_xp_professional
- Microsoft windows_xp_professional_x64_edition SP2
- Microsoft windows_xp_professional_x64_edition SP3
- Microsoft windows_xp_professional_x64_edition
- Microsoft windows_xp_tablet_pc_edition SP1
- Microsoft windows_xp_tablet_pc_edition SP2
- Microsoft windows_xp_tablet_pc_edition SP3
- Microsoft windows_xp_tablet_pc_edition
References
- BugTraq: 54307
- CVE: CVE-2012-0175