Reported May 10, 2005 by Microsoft
VERSIONS AFFECTED
|
Windows 98
Windows 2000 Windows XP Windows Server 2003
|
DESCRIPTION
An intruder could cause
the remote execution of code by creating a malicious file that contains
certain HTML characters. A successful exploit could allow an intruder
to take complete control over an affected system. The problem exists
due to the way Windows Explorer processes HTML characters in certain
document fields.
VENDOR RESPONSE
Microsoft released the
security bulletin "MS-05-024, "Vulnerability
in Web View Could Allow Remote Code Execution (894320)," and an
associated patch. In lieu of the patch workarounds can be used to limit
risk. Users can disable Web View on a per system basis or across an
enterprise by using Group Policy, and can block access to ports 139 and
445.