[Microsoft Alert] Microsoft Security Bulletin MS06-015
Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)
Issued: April 11, 2006
Version: 1.0
Summary
Who should read this document: Customers who use Microsoft Windows
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
Security Update Replacement: This bulletin replaces several prior
security updates. See the frequently asked questions (FAQ) section of
this bulletin for the complete list.
Vulnerability Details:
A remote code execution vulnerability exists in Windows Explorer
because of the way that it handles COM objects. An attacker would
need to convince a user to visit a Web site that could force a
connection to a remote file server. This remote file server could then
cause Windows Explorer to fail in a way that could allow code
execution. An attacker who successfully exploited this vulnerability
could take complete control of an affected system.
Affected Software:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
References: http://www.microsoft.com/security/bulletins/current.mspx (Microsoft Security Updates)