Microsoft Windows fails to properly check execute permissions for 16-bit executable files
| win-execute-permissions-16bit (10132) |  Medium Risk |
Description:
Microsoft Windows XP, Windows 2000, and Windows NT fail to properly check execute permissions for 16-bit executable files before loading them. A 16-bit file that is flagged with execute permission denied, could bypass the loader and be opened directly by the NT Virtual DOS Machine (NTVDM). This vulnerability could potentially allow a local attacker to load and execute malicious programs on the system.
Consequences:
Gain Privileges
Remedy:
For Windows XP:
Upgrade to Windows XP Service Pack 1, as listed in Microsoft Knowledge Base Article Q319458. See References.
References:
- Abtrusion Security AB Web site: Recently Reported Security Vulnerabilities.
- BugTraq Mailing List, Wed Sep 18 2002 - 12:35:26 CDT : Execution Rights Not Checked Correctly For 16-bit Applications.
- Microsoft Knowledge Base Article 319458: Software Restriction Policies Do Not Recognize 16-Bit Programs.
- BID-5740: Windows 2000/NT/XP 16-bit Application Permission Bypass Vulnerability
- CVE-2002-2401: NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.
Platforms Affected:
- Microsoft Windows 2000
- Microsoft Windows NT 4.0
- Microsoft Windows XP
Reported:
Sep 18, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net