Public exploits available
On this page
A remote code execution vulnerability exists in Windows Explorer because of the way that Windows Explorer handles Drag and Drop events. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow an attacker to save a file on the user’s system if a user visited a malicious Web site or viewed a malicious e-mail message.
An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow an attacker to save a file on the user’s system if a user visited a malicious Web site or viewed a malicious e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system. User interaction is required to exploit this vulnerability.
Technical details (analysis)
The vulnerability is caused by improper handling of Windows Explorer's Drag and Drop events. An attacker who could successfully convince a user to visit attacker's web site and save a specially crafted file to the affected system could take complete control of the users system.
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
All applications not on the affected list.
Release Date: 2006-08-08T00:00:00
Known false positives
No known false positives at this time.
Disable the Web Client service
Use the Group Policy settings to disable the WebClient service on all affected systems that do not require this feature.
Disable the file: protocol handler.