Article ID: 821557 - Last Review: July 30, 2007 - Revision: 8.5

MS03-027: An Unchecked Buffer in the Windows Shell Could Permit Your System to Be Compromised

View products that this article applies to.
System TipThis article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.

On This Page

Expand all | Collapse all

SYMPTOMS

The Windows shell is responsible for providing the basic framework of the Windows user interface experience. The shell is most familiar as the Windows desktop. The shell also provides a variety of other functions to help define your computing session, including organizing files and folders, and providing the means to start programs.

An unchecked buffer exists in a function that is used by the Windows shell to extract custom attribute information from some folders. A security vulnerability occurs because a malicious user can construct an attack that can exploit this flaw and run code on your computer.

An attacker could seek to exploit this vulnerability by creating a Desktop.ini file that contains a corrupted custom attribute, and then host it on a network share. If a user browses the shared folder where the file is stored, the vulnerability could be exploited. A successful attack could either cause the Windows shell to fail or cause an attacker’s code to run on the user’s computer in the security context of the user. Mitigating factors:
  • In the case when an attacker’s code is executed, the code would run in the security context of the user. As a result, any limitations on the user's ability would also restrict the actions that an attacker's code could take.
  • An attacker could only seek to exploit this vulnerability by hosting a malicious file on a share.
  • This vulnerability affects only Windows XP Service Pack 1 (SP1). If you are running the original released version of Windows XP, your computer is not affected.
Back to the top

RESOLUTION

Service pack information

To resolve this problem, obtain the latest service pack for Microsoft Windows XP. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
322389  (http://support.microsoft.com/kb/322389/EN-US/ ) How to obtain the latest Windows XP service pack
Back to the top

Update information

The following files are available for download from the Microsoft Download Center:

Windows XP Professional and Windows XP Home Edition:
Collapse this imageExpand this image
Download
Download the 821557 package now. (http://microsoft.com/downloads/details.aspx?FamilyId=27D02AF5-A2E1-4E25-9D16-502886161A35&displaylang=en)
Windows XP 64-Bit Edition:
Collapse this imageExpand this image
Download
Download the 821557 package now. (http://microsoft.com/downloads/details.aspx?FamilyId=4BA84E2B-49F9-4416-8745-51F03503AB7D&displaylang=en)
Release Date: July 16, 2003

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591  (http://support.microsoft.com/kb/119591/EN-US/ ) How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Prerequisites

This security patch requires Windows XP Service Pack 1. For additional information about how to obtain the latest service pack, click the following article number to view the article in the Microsoft Knowledge Base:
322389  (http://support.microsoft.com/kb/322389/EN-US/ ) How to Obtain the Latest Windows XP Service Pack

Installation information

This security patch supports the following Setup switches:
  • /?: Display the list of installation switches.
  • /u: Use Unattended mode.
  • /f: Force other programs to quit when the computer shuts down.
  • /n: Do not back up files for removal.
  • /o: Overwrite OEM files without prompting.
  • /z: Do not restart when the installation is complete.
  • /q: Use Quiet mode (no user interaction).
  • /l: List the installed hotfixes.
  • /x: Extract the files without running Setup.
To verify that the security patch is installed on your computer, confirm that the following registry key exists:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB821557

Deployment information

To install the security patch without any user intervention, use the following command:
windowsxp-kb821557-x86-enu /u /q
To install the security patch without forcing the computer to restart, use the following command:
windowsxp-kb821557-x86-enu /z
Note You can combine these switches in one command.

For information about how to deploy this security patch with Software Update Services, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/wsus/bb466201.aspx (http://technet.microsoft.com/en-us/wsus/bb466201.aspx)

Restart requirement

You must restart your computer after you apply this security patch.

Removal information

To remove this security patch, use the Add or Remove Programs tool in Control Panel.

System administrators can use the Spunist.exe utility to remove this security patch. The Spuninst.exe utility is located in the %Windir%\$NTUninstallKB821557$\Spuninst folder. The tool supports the following Setup switches:
  • /?: Display the list of installation switches.
  • /u: Use Unattended mode.
  • /f: Force other programs to quit when the computer shuts down.
  • /z: Do not restart when the installation is complete.
  • /q: Use Quiet mode (no user interaction).

Security patch replacement information

This security patch does not replace any other security patches.

File information

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Windows XP Professional and Windows XP Home Edition: 
   Date         Time   Version        Size       File name   SP-level 
   ----------------------------------------------------------------------- 
   11-Jun-2003  18:43  6.0.2800.1233  8,240,640  Shell32.dll (with SP1) 
   11-Jun-2003  18:53  6.0.2600.115   8,223,744  Shell32.dll (without SP1)
Windows XP 64-Bit Edition: 
   Date         Time   Version        Size        File name
   ------------------------------------------------------------------
   11-Jun-2003  18:44  6.0.2800.1233  14,369,792  Shell32.dll (IA-64)
   10-Jun-2003  15:39  6.0.2800.1233   8,240,640  Wshell32.dll (x86)
You can verify the files that this security patch installs by reviewing the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB821557\Filelist
Back to the top

STATUS

Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Microsoft Windows XP Service Pack 2.
Back to the top

MORE INFORMATION

For more information about this vulnerability, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/MS03-027.mspx (http://www.microsoft.com/technet/security/bulletin/MS03-027.mspx)
Back to the top
APPLIES TO
  • Microsoft Windows XP Professional SP1
  • Microsoft Windows XP Home Edition SP1
Back to the top
Keywords: 
atdownload kbwinxpsp2fix kbenv kbfix kbwinxppresp2fix kbsecvulnerability kbsecbulletin kbsecurity KB821557
Back to the top