| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS08-075 | Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) | Windows Server | Critical | 10-12-2008 |
Technical Information
Brief overview of the risk:
A remote code execution vulnerability exists when saving a specially crafted search file within Windows Explorer. This operation causes Windows Explorer to exit and restart in an exploitable manner.
Detailed Information on the risk:
This security update resolves two privately reported vulnerabilities in Windows Search. These vulnerabilities could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. Further information on this exploit is available at : MS08-075
Affected Software
Windows Server 2008 for 32-bit SystemsWindows Server 2008 for Itanium-based Systems
Windows Server 2008 for x64-based Systems
Windows Vista
Windows Vista Service Pack 1
Windows Vista x64 Edition
Windows Vista x64 Edition Service Pack 1