Microsoft Windows Shell Command Injection

Aleph Research Advisory

Identifier

Severity

Critical

Product

Microsoft Windows

Mitigation

Apply patches

Technical Details

Lack of santiziation in SMB share names leads to command injection which allows for remote code execution.

Timeline

01-Mar-17
: Added as ALEPH-2012002.
12-Jul-12
: Public disclosure.

Credit

Adi Cohen

External References