Vigil@nce: Windows Explorer, code execution via Saved Search
July 2008 by Vigil@nce
An attacker can invite the victim to save a Saved Search file in
order to execute code in Windows Explorer.
– Gravity: 3/4
– Consequences: user access/rights
– Provenance: internet server
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 09/07/2008
– Identifier: VIGILANCE-VUL-7939
IMPACTED PRODUCTS
– Microsoft Windows 2008
– Microsoft Windows Vista [confidential versions]
DESCRIPTION
The Saved Search feature creates files with the ".search-ms"
extension.
When a ".search-ms" file is saved on the hard disk, the Windows
Explorer analyzes its content. However, this file can contain
malicious data leading to code execution with privileges of the
victim.
An attacker can therefore invite the victim to save a Saved Search
file in order to execute code on his computer.
CHARACTERISTICS
– Identifiers: 950582, BID-30109, CVE-2008-1435, MS08-038,
VIGILANCE-VUL-7939
– Url: https://vigilance.aql.fr/tree/1/7939