Home / bulletins MS07-061 – Critical: Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460) - Version:1.2
Posted on 18 February 2008
Severity Rating: Critical - Revision Note: Bulletin updated to add KB article information to the Known Issues area of the General Information section.Summary: This update resolves a publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows shell handles specially crafted URIs that are passed to it. If the Windows shell did not sufficiently validate these URIs, an attacker could exploit this vulnerability and execute arbitrary code. Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7. However, the vulnerability exists in a Windows file, Shell32.dll, which is included in all supported editions of Windows XP and Windows Server 2003.
Other versions
- MS07-061 - Version: 1.0
- MS07-061 - Version: 1.1
- MS07-061 - Version: 1.2
