A local overflow exists in Microsoft Windows Explorer and Internet Explorer. The vulnerable products fail to properly check file share name lengths, resulting in a buffer overflow. By tricking an authenticated local user on the system into browsing or mapping a file server containing a specially crafted file share name, an attacker can cause Windows Explorer or Internet Explorer to crash and possibly execute arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability.
Classification
Location: Local Access Required
Attack Type: Input Manipulation, Other
Impact: Loss of Confidentiality, Loss of Integrity, Loss of Availability
Exploit: Exploit Unknown
Solution
Currently, there are no known upgrades or patches to correct this issue. Although Microsoft has claimed the problem was fixed in XP SP 1 and 2000 SP 4, this has been disproved through testing. It is possible to correct the flaw by implementing the following workaround(s): disable the "Client for Microsoft Networks" on all network interfaces, which will stop all file share access. Additionally, filter SMB traffic on network edges.
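One way to check the edge-filtering workaround, as an added example that is not part of the original advisory: assuming the network edge is a Linux gateway whose ruleset is exported with iptables-save, this script reports whether the SMB/NetBIOS ports (TCP 139 and 445, UDP 137 and 138, an assumption since the advisory only says "SMB traffic") are dropped in the FORWARD chain. The sample ruleset is constructed, user-defined chains are not followed, and every match option is assumed to take exactly one value.

```python
import shlex
SMB_PORTS = [("tcp", 139), ("tcp", 445), ("udp", 137), ("udp", 138)]  # assumed port list

def parse_rule(line):  # reduce one '-A CHAIN ...' line to the fields the audit needs
    tok = shlex.split(line)
    rule = {"proto": None, "ports": None, "target": None, "conditional": "!" in tok}
    tok = [t for t in tok if t != "!"]            # a negated match is still a condition
    for opt, val in zip(tok[2::2], tok[3::2]):    # assumes every option takes one value
        if opt == "-j":                           # what follows -j are target options
            rule["target"] = val
            break
        if opt == "-p":
            rule["proto"] = val
        elif opt in ("--dport", "--dports"):
            rule["ports"] = set()
            for part in val.split(","):           # "139,445" or a range like "137:139"
                lo, _, hi = part.partition(":")
                rule["ports"].update(range(int(lo), int(hi or lo) + 1))
        elif not (opt == "-m" and val in ("tcp", "udp", "multiport")):
            rule["conditional"] = True            # -s, -i, state...: matches only some traffic
    return rule

def audit_smb(dump, chain="FORWARD"):  # -> {(proto, port): 'blocked' | 'review' | 'open'}
    policy, rules = "ACCEPT", []
    for line in map(str.strip, dump.splitlines()):
        if line.startswith(f":{chain} "):
            policy = line.split()[1]
        elif line.startswith(f"-A {chain} "):
            rules.append(parse_rule(line))
    report = {}
    for proto, port in SMB_PORTS:
        final, review = policy, False             # no terminating match: chain policy applies
        for r in rules:
            if r["proto"] not in (None, proto) or port not in (r["ports"] or {port}):
                continue
            if r["target"] in ("ACCEPT", "DROP", "REJECT") and not r["conditional"]:
                final = r["target"]
                break
            if r["target"] not in (None, "DROP", "REJECT", "LOG"):
                review = True                     # conditional ACCEPT or an unfollowed jump
        report[(proto, port)] = "open" if final == "ACCEPT" else "review" if review else "blocked"
    return report

# Constructed iptables-save excerpt, not taken from any real gateway
SAMPLE = """:FORWARD ACCEPT [0:0]
-A FORWARD -s 192.0.2.10/32 -p tcp -m tcp --dport 445 -j ACCEPT
-A FORWARD -p tcp -m multiport --dports 139,445 -j DROP
-A FORWARD -p udp -m udp --dport 137 -j DROP"""

if __name__ == "__main__":
    print(audit_smb(SAMPLE))
```

A result of "review" means a conditional ACCEPT precedes the block rule, so some sources can still reach that port; "open" means the traffic falls through to an ACCEPT rule or an ACCEPT policy.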
Rodrigo Gutierrez - rodrigointellicomp.cl - Trustix AS
CVSSv2 Score
We currently have no CVSS2 data on this vulnerability.