Buffer Overflow Trying to Start Internet Explorer and File Explorer

Posted on 2009-04-26
Last Modified: 2013-12-09
I have a Dell desktop running Microsft XP and McAfee Security Center which has suddenly started blocking a "Buffer Overflow" whenever I try to start Internet Explorer or File Explorer.

I have run the McAfee scans 3 times.  It found something the first time (see first two attached files) and I have also run anti-spyware program SuperAntiSpyware twice.  After all scans came back clean I am still getting the Buffer Overflow (see third attached file).  I made sure both programs were updated with the latest files before I ran the scans.

Any suggestions would be appreciated.

Question by:Jerry Paladino
    LVL 5

    Expert Comment


    The problem your narrated is due to a vulnerability caused by boundary error, which can be triggered via Internet Explorer and Windows Explorer when connecting to a file server. This can be exploited to cause a buffer overflow by setting up a malicious share with an overly long name (about 300 bytes) containing no lower case characters.

    Successful exploitation may potentially allow execution of arbitrary code on a user's system but requires that the user is either tricked into connecting to a malicious file server, visit a malicious website, or follow a specially crafted link.

    According to a Microsoft knowledge base article (see "Other References" section), the vulnerability should have been fixed in SP1 for Windows XP and SP4 for Windows 2000. However, the vulnerability has been confirmed on fully patched systems running Windows XP SP1 and Windows 2000 SP4.

    The vulnerability has also been reported in Windows 95, 98, Me, and NT 4.0. Systems running Windows 2003 are reportedly not affected.

    Resolution: it appears that the worm has activated the vunerability in your system. the problem can be resolved by downloading and installing Service Pack 3 for XP on your system.

    if problem still persists, please let me know.
    LVL 16

    Author Comment

    by:Jerry Paladino
    Thank you for your suggestion.  I just looked at "Properties" for "My Computer" and it says that Service Pack 3 is installed.  
    "Microsoft Windows XP Professional Version 2002 Service Pack 3"
    I have to leave for a few hours this afternoon but if have other suggestions I will work through them this evening.
    Thank you again!
    LVL 5

    Accepted Solution


    in order to rule out possibility of malware on your system run ComboFix:
    Download it from here to your desktop and - just to make sure - rename it slightly before issuing the download command:

    Then study the instructions carefully, as this is no easy tool to handle:
    (Note: I f you have a working Windows Install CD, there is no need to install the Recovery Console)

    Run ComboFix from your desktop, disable all antivirus applications as well as file/folder shields and guards that may be running in the background. Remember to not click the CF window while it is running, as this will cause it to freeze.

    ComboFix may reboot your machine, it will also temporarily deactivate your internet connection.

    Finally, post the combofix logfile here as an attachment.
    LVL 16

    Author Closing Comment

    by:Jerry Paladino
    I did not use the ComboFix tool.  I ended up having McAfee's virus removal team log onto the machine remotely and fix the problems.  However, after answering multiple questions on EE myself, I do appreciate the time you took to respond and point me to possible answers.  Thank you again for your time.


    Expert Comment

    I have a bufferoverflow issue too while scanning with MC Afee and it shows trojan files(with some ie5 with deleted status, and winlogon.exe virus which can neither be cleaned/deleted.
    path temporary internet files and continuous buffer overflow.
    Hence I'm not able to proceed with windows update also, due to a bufferflow issue resulting in a hexadecimalnumber error message.
    How can I circumvent this issue, since my OS is already on Windows XP , SP3?

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Join & Write a Comment

    If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article ( first and run the tool TDSSKiller ( to get rid of the infection. Once done, and if the …
    It is only natural that we all want our PCs to be in good working order, improved system performance, so that is exactly how programs are advertised to entice. They say things like:            •      PC crashes? Get registry cleaner to repair it!    …
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now