02.39.2005 - MS05-008: Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)

A privilege elevation vulnerability exists in Windows because of the way that Windows handles drag-and-drop events. An attacker could exploit the vulnerability by constructing a malicious Web page. This malicious Web page could potentially allow an attacker to save a file on the user’s system if a user visited a malicious Web site or viewed a malicious e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, user interaction is required to exploit this vulnerability. - Download Microsoft Windows 2000 SP3/SP4 - Download Microsoft Windows XP SP1/SP2 - Download Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium) - Download Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium) - Download Microsoft Windows Server 2003 - Download Microsoft Windows Server 2003 for Itanium-based Systems - View Microsoft Security Bulletin MS05-008 - View Microsoft Knowledge Base Article - 890047 - Visit Microsoft Corporation