Microsoft KB Archive/821557

= MS03-027: An Unchecked Buffer in the Windows Shell Could Permit Your System to Be Compromised =

Article ID: 821557

Article Last Modified on 7/30/2007

-

APPLIES TO


 * Microsoft Windows XP Professional
 * Microsoft Windows XP Home Edition

-



SYMPTOMS
The Windows shell is responsible for providing the basic framework of the Windows user interface experience. The shell is most familiar as the Windows desktop. The shell also provides a variety of other functions to help define your computing session, including organizing files and folders, and providing the means to start programs.

An unchecked buffer exists in a function that is used by the Windows shell to extract custom attribute information from some folders. A security vulnerability occurs because a malicious user can construct an attack that can exploit this flaw and run code on your computer.

An attacker could seek to exploit this vulnerability by creating a Desktop.ini file that contains a corrupted custom attribute, and then host it on a network share. If a user browses the shared folder where the file is stored, the vulnerability could be exploited. A successful attack could either cause the Windows shell to fail or cause an attacker’s code to run on the user’s computer in the security context of the user. Mitigating factors:
 * In the case when an attacker’s code is executed, the code would run in the security context of the user. As a result, any limitations on the user's ability would also restrict the actions that an attacker's code could take.
 * An attacker could only seek to exploit this vulnerability by hosting a malicious file on a share.
 * This vulnerability affects only Windows XP Service Pack 1 (SP1). If you are running the original released version of Windows XP, your computer is not affected.



Service pack information
To resolve this problem, obtain the latest service pack for Microsoft Windows XP. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

322389 How to obtain the latest Windows XP service pack

Update information
The following files are available for download from the Microsoft Download Center:

Windows XP Professional and Windows XP Home Edition:

Download the 821557 package now.

Windows XP 64-Bit Edition:

Download the 821557 package now.

Release Date: July 16, 2003

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Prerequisites
This security patch requires Windows XP Service Pack 1. For additional information about how to obtain the latest service pack, click the following article number to view the article in the Microsoft Knowledge Base:

322389 How to Obtain the Latest Windows XP Service Pack

Installation information
This security patch supports the following Setup switches:
 * /?: Display the list of installation switches.
 * /u: Use Unattended mode.
 * /f: Force other programs to quit when the computer shuts down.
 * /n: Do not back up files for removal.
 * /o: Overwrite OEM files without prompting.
 * /z: Do not restart when the installation is complete.
 * /q: Use Quiet mode (no user interaction).
 * /l: List the installed hotfixes.
 * /x: Extract the files without running Setup.

To verify that the security patch is installed on your computer, confirm that the following registry key exists:

Deployment information
To install the security patch without any user intervention, use the following command:

windowsxp-kb821557-x86-enu /u /q

To install the security patch without forcing the computer to restart, use the following command:

windowsxp-kb821557-x86-enu /z

Note You can combine these switches in one command.

For information about how to deploy this security patch with Software Update Services, visit the following Microsoft Web site:

http://technet.microsoft.com/en-us/wsus/bb466201.aspx

Restart requirement
You must restart your computer after you apply this security patch.

Removal information
To remove this security patch, use the Add or Remove Programs tool in Control Panel.

System administrators can use the Spunist.exe utility to remove this security patch. The Spuninst.exe utility is located in the %Windir%\$NTUninstallKB821557$\Spuninst folder. The tool supports the following Setup switches:
 * /?: Display the list of installation switches.
 * /u: Use Unattended mode.
 * /f: Force other programs to quit when the computer shuts down.
 * /z: Do not restart when the installation is complete.
 * /q: Use Quiet mode (no user interaction).

Security patch replacement information
This security patch does not replace any other security patches.

File information
The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Windows XP Professional and Windows XP Home Edition:   Date         Time   Version        Size       File name   SP-level ---   11-Jun-2003  18:43  6.0.2800.1233  8,240,640  Shell32.dll (with SP1) 11-Jun-2003 18:53  6.0.2600.115   8,223,744  Shell32.dll (without SP1) Windows XP 64-Bit Edition:   Date         Time   Version        Size        File name --  11-Jun-2003  18:44  6.0.2800.1233  14,369,792  Shell32.dll (IA-64) 10-Jun-2003 15:39  6.0.2800.1233   8,240,640  Wshell32.dll (x86) You can verify the files that this security patch installs by reviewing the following registry key:



STATUS
Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed in the &quot;Applies to&quot; section. This problem was first corrected in Microsoft Windows XP Service Pack 2.



MORE INFORMATION
For more information about this vulnerability, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/MS03-027.mspx

Additional query words: security_patch

Keywords: atdownload kbwinxpsp2fix kbenv kbfix kbwinxppresp2fix kbsecvulnerability kbsecbulletin kbsecurity KB821557

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.