Home page logo
/

bugtraq logo Bugtraq mailing list archives

Vulnerability in "Fujitsu Desktop Update" (for Windows)
From: "Stefan Kanthak" <stefan.kanthak () nexgo de>
Date: Wed, 8 May 2013 22:57:49 +0200

Hi @ll,

Fujitsu's update utility "Fujitsu Desktop Update" (see
<http://support.ts.fujitsu.com/DeskUpdate/Index.asp>), which is
factory-preinstalled on every Fujitsu (Siemens) PC with Windows,
has a vulnerability which allows the execution of a rogue program
in the security context of the current user.


The application is registered as control panel item via

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{070B64FF-795D-4DAA-88AD-6D3277C7E445}]
@="Fujitsu DeskUpdate"


The "shell object" with GUID {070B64FF-795D-4DAA-88AD-6D3277C7E445} is
registered with

[HKLM\SOFTWARE\Classes\CLSID\{070B64FF-795D-4DAA-88AD-6D3277C7E445}]
@="Fujitsu DeskUpdate"
"InfoTip"=expand:"@C:\\Program Files (x86)\\Fujitsu\\DeskUpdate\\DeskUpdate.exe,-132"
"System.ControlPanel.Category"=dword:00000005
"System.Software.TasksFileUrl"="C:\\Program Files (x86)\\Fujitsu\DeskUpdate\\duconfig.xml"

[HKLM\SOFTWARE\Classes\CLSID\{070B64FF-795D-4DAA-88AD-6D3277C7E445}\DefaultIcon]
@=expand:"C:\\Program Files (x86)\\Fujitsu\\DeskUpdate\\DeskUpdate.exe,-0"

[HKLM\SOFTWARE\Classes\CLSID\{070B64FF-795D-4DAA-88AD-6D3277C7E445}\Shell\Open\Command]
@="C:\\Program Files (x86)\\Fujitsu\\DeskUpdate\\DeskUpdate.exe"


The last entry is a pathname with unquoted spaces and allows the
execution of the rogue programs "C:\Program.exe" and/or
"C:\Program Files.exe", as documented in
<http://msdn.microsoft.com/library/ms682425.aspx>


Stefan Kanthak

PS: long pathnames containing spaces exist for about 20 years
    now in Windows, EVERY developer should know how to use them
    properly, and EVERY QA should check their proper use!


  By Date           By Thread  

Current thread:
  • Vulnerability in "Fujitsu Desktop Update" (for Windows) Stefan Kanthak (May 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]