|MS10-006||Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)||Microsoft Windows||Critical||10-02-2010|
Brief overview of the risk:
The vulnerability could allow remote code execution if an application, such as a Web browser, passes specially crafted data to the ShellExecute API function through the Windows Shell Handler.
Detailed Information on the risk:
A remote code execution vulnerability exists in affected versions of Microsoft Windows. The vulnerability results from the incorrect validation of input sent to the ShellExecute API function. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Further information on this exploit is available at : MS10-007
Affected SoftwareMicrosoft Windows 2000 Service Pack 4
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Windows Server 2003 with SP2 for Itanium-based Systems
Windows XP Professional x64 Edition Service Pack 2