HTTP: Desktop.ini Code Execution

This signature detects the transfer of a Desktop.ini file whose content can be malicious. An attacker can plant a malicious WebDAV folder containing a Desktop.ini file with a CLSID value that is associated with an executable file. If a user opens this folder, the attacker can execute code remotely on the user's system.

Extended Description

Microsoft Windows Shell is prone to a remote code-execution vulnerability. This issue is due to a flaw in its handling of remote COM objects. Remote attackers may exploit this issue to execute arbitrary machine code in the context of the targeted user. This may facilitate the remote compromise of affected computers. This issue is described as a variant of the one in BID 10363 (Microsoft Windows XP Self-Executing Folder Vulnerability).

Affected Products

Microsoft windows_xp_media_center_edition

Short Name: HTTP:STC:DESKTOP-INI-CODE-EXE
Severity: Major
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: CVE-2006-0012 Code Desktop.ini Execution bid:17464
Release Date: 04/11/2006
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3339
False Positive: Unknown
Vendors

Microsoft

CVSS Score

5.1
