Web View Might Allow Remote Code Execution

Reported May 10, 2005 by Microsoft

VERSIONS AFFECTED

           
Windows 98
Windows 2000
Windows XP
Windows Server 2003

DESCRIPTION

An intruder could cause the remote execution of code by creating a malicious file that contains certain HTML characters. A successful exploit could allow an intruder to take complete control over an affected system. The problem exists due to the way Windows Explorer processes HTML characters in certain document fields.

VENDOR RESPONSE

Microsoft released the security bulletin "MS-05-024, "Vulnerability in Web View Could Allow Remote Code Execution (894320)," and an associated patch. In lieu of the patch workarounds can be used to limit risk. Users can disable Web View on a per system basis or across an enterprise by using Group Policy, and can block access to ports 139 and 445.




Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish