Public exploits available
On this page
A blended threat elevation of privilege vulnerability exists in the way the SearchPath function in Windows locates and opens files on the system. An attacker could exploit the vulnerability by convincing a user to download a specially crafted file to a specific location, and then open an application that could load the file under certain circumstances.
An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Technical details (analysis)
Internet Explorer could open a specially crafted file from the desktop due to how the application libraries are located on the Windows system. A blended threat in which files may be downloaded to a user’s system without prompting could cause Internet Explorer to unintentionally load that downloaded file from the desktop rather than the Windows system. An attacker could create a specially crafted file and then convince a user to download the file onto the desktop. The user would then have to launch an application that will open this specially crafted file. However, an attacker would have no way to force users to download such files and place the files on the desktop.
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista and Windows Vista Service Pack 1
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for x64-based Systems
Windows Server 2008 for Itanium-based Systems
All the applications not on the effected list.
Release Date: 2009-04-15T00:00:00
Known false positives
The signature can cause a false positive, if legitimate files (like dlls) are accessed via URL.
Microsoft has not identified any workarounds for this vulnerability.