MS06-045: Windows Explorer Remote Code Excution Vulnerability

Published: 2006-08-08
Last Updated: 2006-08-08 19:27:21 UTC
by Scott Fendley (Version: 1)
0 comment(s)
Vulnerability in Windows Explorer Could Allow Remote Code Execution
MS06-045 - KB921398  (CVE-2006-3281)

Severity:    Important
Replaces:    MS05-016   for Windows 2000, XP SP1, XP SP2, and Server 2003

Affected Software:
       Windows 2000 SP4
       Windows XP SP1 and SP2
       Windows Server 2003 and 2003 SP1
       Windows XP Pro and  Server 2003 x64
       Windows Server 2003 Itanium Based Systems


A flaw in the handling of Drag and Drop events of Windows Explorer could allow attackers to take complete control of a computer.  User interaction is required for this attack to be successful.  The attacker will only have the privileges of the logged in user.  So, users with reduced account privileges will be less at risk then those logged on with administrator or power-user. 

Disabling the Web Client service manually or through group policy can help block known attack vectors until the patch can be applied. 

As this vulnerability has been publicly disclosed, it is recommended that this patch be applied immediately.

Scott Fendley   ( sfendley -at- isc. sans. org)
University of Arkansas
0 comment(s)


Diary Archives