
MS07-061 – Critical: Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460) - Version: 1.1

Posted on 22 November 2007

There is a newer version: MS07-061 - Version: 1.2

Severity Rating: Critical

Revision Note: Bulletin updated to clarify that this bulletin only replaces MS06-045 and does not replace MS07-006.

Summary: This update resolves a publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows shell handles specially crafted URIs that are passed to it. If the Windows shell did not sufficiently validate these URIs, an attacker could exploit this vulnerability and execute arbitrary code. Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7. However, the vulnerability exists in a Windows file, Shell32.dll, which is included in all supported editions of Windows XP and Windows Server 2003.
