Reported July 13, 2004, by Microsoft
VERSIONS AFFECTED
|
DESCRIPTION
A vulnerability in Windows could allow remote execution of arbitrary code on
the vulnerable system. This vulnerability is a result of a flaw in the way that
Windows Shell launches applications. A potential attacker could exploit the
vulnerability if a user visited a malicious Web site. If the user is logged on
with administrative privileges, the attacker could take complete control of an
affected system. User interaction is required to exploit this vulnerability.
VENDOR RESPONSE
Microsoft has released
bulletin MS04-024, "Vulnerability in Windows Shell Could Allow
Remote Code Execution (839645)," to address this vulnerability and
recommends that affected users apply the appropriate patch listed in the
bulletin.
CREDIT
Discovered by Microsoft.