Vulnerability in Windows Explorer Could Allow Remote Code Execution
MS06-045 - KB921398 (CVE-2006-3281)
Replaces: MS05-016 for Windows 2000, XP SP1, XP SP2, and Server 2003
Windows 2000 SP4
Windows XP SP1 and SP2
Windows Server 2003 and 2003 SP1
Windows XP Pro and Server 2003 x64
Windows Server 2003 Itanium Based Systems
A flaw in the handling of Drag and Drop events of Windows Explorer could allow attackers to take complete control of a computer. User interaction is required for this attack to be successful. The attacker will only have the privileges of the logged in user. So, users with reduced account privileges will be less at risk then those logged on with administrator or power-user.
Disabling the Web Client service manually or through group policy can help block known attack vectors until the patch can be applied.
As this vulnerability has been publicly disclosed, it is recommended that this patch be applied immediately.
Scott Fendley ( sfendley -at- isc. sans. org)
University of Arkansas
Aug 8th 2006
1 decade ago