<< Back
CVE Number Vulnerability Product Severity Date
MS08-075 Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) Windows Server Critical 10-12-2008

Technical Information

Brief overview of the risk:
A remote code execution vulnerability exists when saving a specially crafted search file within Windows Explorer. This operation causes Windows Explorer to exit and restart in an exploitable manner.
Detailed Information on the risk:
This security update resolves two privately reported vulnerabilities in Windows Search. These vulnerabilities could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. Further information on this exploit is available at : MS08-075

Affected Software

Windows Server 2008 for 32-bit Systems
Windows Server 2008 for Itanium-based Systems
Windows Server 2008 for x64-based Systems
Windows Vista
Windows Vista Service Pack 1
Windows Vista x64 Edition
Windows Vista x64 Edition Service Pack 1