Home / bulletins

MS10-083 - Important: Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution (2405882) - Version:2.0

Posted on 14 December 2010

Important

Severity Rating: Important - Revision Note: V2.0 (December 14, 2010): Added an update FAQ to announce an additional update for Windows Vista Service Pack 2 (KB979688) for users who have installed Windows Search 4.0 on Windows Vista Service Pack 1, then installed the security update offered in KB2405882, and then migrated to Windows Vista Service Pack 2. Customers in this scenario will need to install the new update offered in KB2405882 to be protected against the vulnerabilities described in this bulletin.Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted file using WordPad or selects or opens a shortcut file that is on a network or WebDAV share. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Link

Other versions

 

TOP