Microsoft has released 1 security bulletin for the month of May in its usual monthly roundup of security bulletins. Affected versions of Windows include Microsoft Windows 2000 Service Pack 3 and 4. Microsoft Windows Millennium Edition is also affected but the vulnerability is not critical therefore a patch is not being released. Patches are available for Microsoft Windows 2000 only.
Vulnerability Details:
A remote code execution vulnerability exists in the way that Web View in Windows Explorer handles certain HTML characters in preview fields. By persuading a user to preview a malicious file, an attacker could execute code. However, user interaction is required to exploit this vulnerability. This update resolves a newly-discovered, public vulnerability. A remote code execution vulnerability exists in the way that Web View in Windows Explorer handles certain HTML characters in preview fields. By persuading a user to preview a malicious file, an attacker could execute arbitrary code in the context of the logged on user.
Download: Security Update for Windows 2000 (KB894320)
View: Microsoft Security Bulletin MS05-024 | Windows Update
Vulnerability Details:
A remote code execution vulnerability exists in the way that Web View in Windows Explorer handles certain HTML characters in preview fields. By persuading a user to preview a malicious file, an attacker could execute code. However, user interaction is required to exploit this vulnerability. This update resolves a newly-discovered, public vulnerability. A remote code execution vulnerability exists in the way that Web View in Windows Explorer handles certain HTML characters in preview fields. By persuading a user to preview a malicious file, an attacker could execute arbitrary code in the context of the logged on user.
Download: Security Update for Windows 2000 (KB894320) View: Microsoft Security Bulletin MS05-024 | Windows Update
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.