Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

SHELL32.DLL Denial of Service

Dec 14, 2003 12:57AM PST

Summary
Attackers can turn a media (directory, drive, mail, ...) into a small attacking program allowing it to crash any application that would try to access it using SHELL32.DLL library (Explorer, IE, Outlook).

Details
As a user browses through his hard-drive, Windows automatically analyses every file of the current directory, so as to allow the system to display the matching icon as well as file informations.

When Windows must analyse a shortcut (*.lnk), the system determines the properties of the file indicated by the link using its structure

Solution:
Microsoft was notified on 11/17/2003 and are planning on getting this fixed as part of the next service pack.

http://www.securiteam.com/windowsntfocus/6X00B0A95I.html

Discussion is locked