=====================================================================
                                  CERT-Renater

                       Note d'Information No. 2005/VULN618
_____________________________________________________________________

DATE                      : 12/10/2005

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows 2000, Windows XP, Windows Server 2003.

======================================================================

MS05-049 - Vulnerabilities in Windows Shell Could Allow Remote Code
            Execution (900725)

   - Affected Software:
     - Windows 2000 Service Pack 4
     - Windows XP Service Pack 1
     - Windows XP Service Pack 2
     - Windows XP 64-Bit Edition Service Pack 1 (Itanium)
     - Windows XP 64-Bit Edition Version 2003 (Itanium)
     - Windows XP Professional x64 Edition
     - Windows Server 2003
     - Windows Server 2003 Service Pack 1
     - Windows Server 2003 for Itanium-based Systems
     - Windows Server 2003 with SP1 for Itanium-based Systems
     - Windows Server 2003 x64 Edition

     - Impact: Remote Code Execution
     - Version Number: 1.0

Full MS05-049 advisory:
http://www.microsoft.com/technet/security/bulletin/MS05-049.mspx


Vulnerability Details:

Shell Vulnerabilities - CAN-2005-2122 and CAN-2005-2118:

Two remote code execution vulnerabilities exists in Windows because of the
way that it handles the .lnk file name extension. By persuading a user to
open an .lnk file that has specially-crafted properties an attacker could
execute code on an affected system.


Web View Script Injection Vulnerability - CAN-2005-2117:

A remote code execution vulnerability exists in the way that Web View in
Windows Explorer handles certain HTML characters in preview fields. By
persuading a user to preview a malicious file, an attacker could execute
code. However, user interaction is required to exploit this vulnerability.

======================================================================

         =========================================================
         Les serveurs de référence du CERT-Renater
         http://www.urec.fr/securite
         http://www.cru.fr/securite
         http://www.renater.fr
         =========================================================
         + CERT-RENATER          | tel : 01-53-94-20-44          +
         + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
         + 75013 Paris           | email: certsvp@renater.fr     +
         =========================================================