PT-2006-4243 · Microsoft · Windows Explorer+2

Nanika

Published

2006-07-06

Updated

2018-10-18

CVE-2006-3351

CVSS v2.0

5.4

Medium

Vector

AV:N/AC:H/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Windows Explorer (explorer.exe) versions on Windows XP and 2003

Description The issue allows user-assisted attackers to cause a denial of service, potentially leading to repeated crashes, and may also enable the execution of arbitrary code. This is achieved through a .url file containing an InternetShortcut tag with a long URL and a large number of "file:" specifiers.

Recommendations For Windows XP and 2003, avoid using .url files with long URLs and multiple "file:" specifiers in the InternetShortcut tag until a fix is available. As a temporary workaround, consider restricting the use of .url files with InternetShortcut tags to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-3351

Affected Products

Windows 2003

Windows Explorer

Windows Xp

PT-2006-4243 · Microsoft · Windows Explorer+2

CVE-2006-3351

Related Identifiers

Affected Products

References · 6