Vulnerability in Windows Shell Could Allow Remote Code Execution

Reported February 8, 2005 by Microsoft

VERSIONS AFFECTED



  • Windows XP SP1 and SP2

  • Windows XP 64-Bit Edition Version 2003 (Itanium) and SP1 (Itanium)

  • Windows Server 2003

  • Windows 2000 with SP3 and SP4

  • Windows Me and 9x

DESCRIPTION

A vulnerability exists in drag-and-drop events that could allow an intruder to write to? files on a user's system via malicious Web content. A successful exploit could let the intruder take complete control of a user's system.

VENDOR RESPONSE

Microsoft has released Security Bulletin MS05-008, "Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)," and a patch to correct the problem.





Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish