Threat Level: green Handler on Duty: Russ McRee

SANS ISC: MS06-045: Windows Explorer Remote Code Excution Vulnerability - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS06-045: Windows Explorer Remote Code Excution Vulnerability
Vulnerability in Windows Explorer Could Allow Remote Code Execution
MS06-045 - KB921398  (CVE-2006-3281)

Severity:    Important
Replaces:    MS05-016   for Windows 2000, XP SP1, XP SP2, and Server 2003

Affected Software:
       Windows 2000 SP4
       Windows XP SP1 and SP2
       Windows Server 2003 and 2003 SP1
       Windows XP Pro and  Server 2003 x64
       Windows Server 2003 Itanium Based Systems

Description:

A flaw in the handling of Drag and Drop events of Windows Explorer could allow attackers to take complete control of a computer.  User interaction is required for this attack to be successful.  The attacker will only have the privileges of the logged in user.  So, users with reduced account privileges will be less at risk then those logged on with administrator or power-user. 

Disabling the Web Client service manually or through group policy can help block known attack vectors until the patch can be applied. 

As this vulnerability has been publicly disclosed, it is recommended that this patch be applied immediately.

--
Scott Fendley   ( sfendley -at- isc. sans. org)
University of Arkansas
ScottF

188 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!