Bugtraq: Re: Windows XP explorer.exe heap overflow.

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Windows XP explorer.exe heap overflow.

From: Dragos Ruiu <dr () kyx net>
Date: Thu, 26 Feb 2004 10:41:11 -0800

To exploit this flaw (in explorer), simply place a malformed (invalid
"size" field) .emf file in any directory, open explorer to that path,
and view as Thumbnails. Bang. In it's simplest form it's a DOS - it
affects all explorer windows, including File Open dialogs for many
programs.


The february 04 issue of MaximumPC lists the following registry key 
to tweak to help speed up your system. Seems to me this might have 
other benefits besides speed. :-)

Remove Image Preview by deleting this key:
 
HKEY_Classes_Root\SystemFileAssociations\Image\ShellEx\ContextMenuHandlers\ShellImagePreview

cheers,
--dr

-- 
Top security experts.  Cutting edge tools, techniques and information.
Vancouver, Canada       April 21-23 2004  http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp

By Date By Thread

Current thread:

Windows XP explorer.exe heap overflow. sunglasses (Feb 23)
- Re: Windows XP explorer.exe heap overflow. Eli K. (Feb 24)
  - RE: Windows XP explorer.exe heap overflow. Larry Seltzer (Feb 25)
    - Re: Windows XP explorer.exe heap overflow. Eli Kara (Feb 25)
    - Re: Windows XP explorer.exe heap overflow. Dragos Ruiu (Feb 26)
- Re: Windows XP explorer.exe heap overflow. Tim (Feb 24)
- <Possible follow-ups>
- Re: Windows XP explorer.exe heap overflow. Chris Calabrese (Feb 23)
  - blocking gzip encoded files Darwin Mecham (Feb 23)
    - Re: blocking gzip encoded files mgotts (Feb 24)
    - Re: blocking gzip encoded files Josep L. Guallar-Esteve (Feb 24)