Microsoft Windows fails to properly check execute permissions for 16-bit executable files
| win-execute-permissions-16bit (10132) |  Medium Risk |
Description:
Microsoft Windows XP, Windows 2000, and Windows NT fail to properly check execute permissions for 16-bit executable files before loading them. A 16-bit file that is flagged with execute permission denied, could bypass the loader and be opened directly by the NT Virtual DOS Machine (NTVDM). This vulnerability could potentially allow a local attacker to load and execute malicious programs on the system.
Platforms Affected:
- Microsoft, Windows 2000
- Microsoft, Windows NT 4.0
- Microsoft, Windows XP
Remedy:
For Windows XP:
Upgrade to Windows XP Service Pack 1, as listed in Microsoft Knowledge Base Article Q319458. See References.
Consequences:
Gain Privileges
References:
- Abtrusion Security AB Web site, Recently Reported Security Vulnerabilities at http://www.abtrusion.com/msexe16.asp.
- BugTraq Mailing List, Wed Sep 18 2002 - 12:35:26 CDT , Execution Rights Not Checked Correctly For 16-bit Applications at http://archives.neohapsis.com/archives/bugtraq/2002-09/0211.html.
- Microsoft Knowledge Base Article 319458, Software Restriction Policies Do Not Recognize 16-Bit Programs at http://support.microsoft.com/default.aspx?scid=kb;[LN];319458.
- BID-5740: Windows 2000/NT/XP 16-bit Application Permission Bypass Vulnerability
- CVE-2002-2401: NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.
Reported:
Sep 18, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net