Technical Information

Brief overview of the risk:
This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed.
Detailed Information on the risk:
A remote code execution vulnerability exists in affected versions of Microsoft Windows. The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user.

Further information on this exploit is available at : MS10-046