| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS07-061 | Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460) | Microsoft Windows | Critical | 14-11-2007 |
Technical Information
Brief overview of the risk:
A remote code execution vulnerability exists in the way that the Windows shell handles specially crafted URIs that are passed to it. If the Windows shell did not sufficiently validate these URIs, an attacker could exploit this vulnerability and execute arbitrary code. Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7.
Detailed Information on the risk:
An attacker could exploit this vulnerability by including a specially crafted URI in an application or attachment, which could potentially allow remote code execution.Further information on this exploit is available at : MS07-061
Affected Software
Microsoft Windows Server 2003 Service Pack 1Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows XP Service Pack 2