Microsoft Windows MS04-037 patch is not installed

win-ms04037-patch (17662) The risk level is classified as HighHigh Risk

Description:

The patch specified in Microsoft Security Bulletin MS04-037 is not installed, which could allow a remote attacker to exploit the following two vulnerabilities:

Microsoft Windows 2000, Windows XP, and Windows 95/98 are vulnerable to a buffer overflow, caused by improper bounds checking of file names. A remote attacker, in control of a malicious file server, could create a file share name containing 300 or more characters to overflow a buffer and cause Internet Explorer or Windows Explorer to crash, and possibly execute arbitrary code on the system, once the victim attempts to map to or view the file.

Microsoft Windows Program Group Converter (Grpconv.exe) is a tool included in Microsoft Windows platforms that translates groups and group items to folders and tracks changes in the group file using registry information. Grpconv.exe is vulnerable to a buffer overflow, caused by improper bounds checking of file names. A remote attacker could create a specially-crafted file to overflow the buffer and possibly execute arbitrary code on the system, once the victim opens the file. Exploitation of this vulnerability may be difficult since the parameter supplied by the attacker is stored in Unicode format.

Platforms Affected:

  • Microsoft, Windows 2000 SP3 Server
  • Microsoft, Windows 2000 SP4
  • Microsoft, Windows 2003 Server x64
  • Microsoft, Windows 98
  • Microsoft, Windows 98SE
  • Microsoft, Windows Me
  • Microsoft, Windows NT 4.0 SP6 Terminal Server
  • Microsoft, Windows NT 4.0 SP6a Server
  • Microsoft, Windows XP 2003 64-bit
  • Microsoft, Windows XP SP1
  • Microsoft, Windows XP SP1 64-bit
  • Microsoft, Windows XP

Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS04-037. See References.

Consequences:

Gain Access

References:

  • IBM Internet Security Systems X-Force Database, Microsoft Windows long file share name buffer overflow at http://xforce.iss.net/xforce/xfdb/15956.
  • IBM Internet Security Systems X-Force Database, Microsoft Windows Program Group Converter buffer overflow at http://xforce.iss.net/xforce/xfdb/16664.
  • Microsoft Security Bulletin MS04-037, Vulnerability in Windows Shell Could Allow Remote Code Execution (841356) at http://www.microsoft.com/technet/security/bulletin/ms04-037.mspx.
  • BID-10213: Microsoft Windows Shell Long Share Name Buffer Overrun Vulnerability
  • BID-10677: Microsoft Windows Program Group Converter Filename Local Buffer Overrun Vulnerability
  • CVE-2004-0214: Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
  • CVE-2004-0572: Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.

Reported:

Oct 08, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page