Windows search-ms protocol handler command execution vulnerability

Added: 12/11/2008
CVE: CVE-2008-4269
BID: 32652
OSVDB: 50566

Background

The search-ms protocol allows applications to query the Windows Search index.

Problem

A vulnerability in Windows allows command execution when a user follows a specially crafted search-ms URL which passes arbitrary arguments to Windows Explorer.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 08-075.

References

http://www.microsoft.com/technet/security/bulletin/ms08-075.mspx

Limitations

Exploit works on Windows Vista SP0 and requires the target to have access to the specified share.

Before this exploit can succeed, the /exploit.exe file must be downloaded from the exploit server and saved on the specified share.

Platforms

Windows Vista

Back to exploit index