CVE-2006-2334

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions 2000 SP4 and XP SP2

Description The issue concerns the RtlDosPathNameToNtPathName U API function in NTDLL.DLL, which fails to properly convert DOS style paths with trailing spaces into NT style paths. This allows attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory. As a result, certain anti-virus and anti-spyware software may be unable to detect or disinfect these files.

Recommendations For Microsoft Windows 2000 SP4 and XP SP2, consider applying configuration changes to handle DOS style paths with trailing spaces correctly until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.