Windows Firewall in Microsoft Windows XP SP2 produces incorrect application block alerts when the application filename is .exe (with no characters before the .), which might allow local user-assisted users to trick a user into unblocking a Trojan horse program, as demonstrated by a malicious .exe program in a folder named Internet Explorer, which triggers a question about whether to unblock the Internet Explorer program.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Windows_xp | Microsoft | * | * |
References
- http://www.securityfocus.com/archive/1/428970/100/0/threaded
- http://www.securityfocus.com/archive/1/429111/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25598
- http://www.securityfocus.com/archive/1/428970/100/0/threaded
- http://www.securityfocus.com/archive/1/429111/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25598