Short Name |
HTTP:IIS:WEBDAV:WINDOWS-SHELL |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Windows Shell File Name Code Execution |
Release Date |
2012/07/16 |
Update Number |
2161 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
A vulnerability exists in Microsoft Windows Shell. The vulnerability is due to the way the Windows shell handles file and directory names. An attacker can exploit this vulnerability by enticing a user to open a file or directory with a specially crafted name. Successful exploitation could lead to arbitrary code execution in the security context of the target user.
Microsoft Windows is prone to a remote command-injection that affects the Windows Shell component vulnerability because it fails to adequately sanitize user-supplied input data. Attackers can exploit this issue to execute arbitrary shell commands with user-level privileges. This may facilitate the remote compromise of affected computers.