Title: Microsoft Windows 9x Quotation Exclusion File Execution Vulnerability
Severity: MODERATE
Description:
When specifying a path to a file containing spaces in the Windows Registry, quotation marks must be used in order for the OS to interpret the path correctly.
If quotation marks are not used, the OS will treat the file path up until the first encountered space as the full path. For example,
C:\Program Files\Directory\Filename
will cause Windows to execute C:\Program if such an executable exists, passing the "Files\Directory\Filename" portion of the path as an arugment to the program.
This could lead to the execution of malicious code/commands on a vulnerable system. Successful exploitation of this vulnerability could lead to a complete compromise of the host.
It should be noted that this vulnerability can be used for a number of directories other than the "C:\Program Files".
Affected Products:
- Microsoft Windows 95
- Microsoft Windows 98
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
