
SANS ISC: MS06-045: Windows Explorer Remote Code Execution Vulnerability - SANS Internet Storm Center

MS06-045: Windows Explorer Remote Code Execution Vulnerability
Vulnerability in Windows Explorer Could Allow Remote Code Execution
MS06-045 - KB921398  (CVE-2006-3281)

Severity:    Important
Replaces:    MS05-016   for Windows 2000, XP SP1, XP SP2, and Server 2003

Affected Software:
       Windows 2000 SP4
       Windows XP SP1 and SP2
       Windows Server 2003 and 2003 SP1
       Windows XP Pro and  Server 2003 x64
       Windows Server 2003 Itanium Based Systems


A flaw in how Windows Explorer handles Drag and Drop events could allow attackers to take complete control of a computer. User interaction is required for this attack to be successful. The attacker will only have the privileges of the logged-in user, so users with reduced account privileges are less at risk than those logged on as an administrator or power user.

Disabling the Web Client service manually or through group policy can help block known attack vectors until the patch can be applied. 
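
The manual form of that workaround, as an added example that is not part of the original diary entry: a batch script that stops the Web Client service, sets it to disabled, and verifies the result. It assumes the service name `WebClient`, an administrator account, `sc.exe` present on the host, and English-language `sc` output for the string checks.

```batch
@echo off
rem Added example: temporary MS06-045 workaround, not a replacement for KB921398.
rem Assumptions: run as an administrator; sc.exe is available on this host;
rem sc output is in English (the RUNNING / DISABLED string checks depend on it).
setlocal
set SVC=WebClient

rem A non-zero exit from "sc query" means the service is not installed here.
sc query %SVC% >nul 2>&1
if errorlevel 1 (
    echo %SVC% service not found; nothing to do.
    exit /b 0
)

rem Stop the running instance so the change takes effect without a reboot.
sc query %SVC% | find "RUNNING" >nul
if not errorlevel 1 net stop %SVC%

rem Keep it from starting again. The space after "start=" is required by sc.exe.
sc config %SVC% start= disabled
if errorlevel 1 (
    echo Could not change the start type of %SVC%; check account privileges.
    exit /b 1
)

rem Verify the stored configuration rather than trusting the previous exit code.
sc qc %SVC% | find "DISABLED" >nul
if errorlevel 1 (
    echo WARNING: %SVC% start type is not DISABLED.
    exit /b 1
)

echo %SVC% is stopped and disabled.
echo After patching, restore the previous start type, for example:
echo   sc config %SVC% start= auto
exit /b 0
```

Disabling the service also breaks legitimate WebDAV access from the machine, so record the original start type before running this and restore it once the patch is installed.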

As this vulnerability has been publicly disclosed, it is recommended that this patch be applied immediately.

Scott Fendley   ( sfendley -at- isc. sans. org)
University of Arkansas

ISC Handler
Aug 8th 2006
