Microsoft Security Announcement MS07-061 - Serious
Vulnerabilities in Windows URI processing may allow remote code execution (943460)
thisrenewEliminates a publicly reported vulnerability. There is a remote code execution vulnerability in the way Windows Shell handles specially crafted URIs passed to it. If Windows Shell does not fully verify these URIs, an attacker could exploit this vulnerability and execute arbitrary code. Microsoft only recognizes the way this vulnerability is exploited on systems using Internet Explorer 7. However, this vulnerability exists in Windows files included in all supported versions of Windows XP and Windows Server 2003.
This is a critical security update for all supported versions of Windows XP and Windows Server 2003. For more information, see "Affected and Unaffected" in this sectionsoftware”Subsection.
This security update eliminates this vulnerability by changing the way Windows Shell handles invalid URIs. For more information about vulnerabilities, see the FAQ subsection for specific vulnerabilities under the next section, “Vulnerability Information”.
This security update also resolves the vulnerability that was first described in Microsoft Security Bulletin 943521. For more information about vulnerabilities, see the FAQ subsection for specific vulnerabilities under the next section “Vulnerability Information”.
suggestion. Microsoft recommends that users apply this update immediately.
Patch address: (XP)/download/3/d/6/3d617a25-b3cc-4fe1-8308-1aa1eb6dcdee/
Vulnerabilities in Windows URI processing may allow remote code execution (943460)
thisrenewEliminates a publicly reported vulnerability. There is a remote code execution vulnerability in the way Windows Shell handles specially crafted URIs passed to it. If Windows Shell does not fully verify these URIs, an attacker could exploit this vulnerability and execute arbitrary code. Microsoft only recognizes the way this vulnerability is exploited on systems using Internet Explorer 7. However, this vulnerability exists in Windows files included in all supported versions of Windows XP and Windows Server 2003.
This is a critical security update for all supported versions of Windows XP and Windows Server 2003. For more information, see "Affected and Unaffected" in this sectionsoftware”Subsection.
This security update eliminates this vulnerability by changing the way Windows Shell handles invalid URIs. For more information about vulnerabilities, see the FAQ subsection for specific vulnerabilities under the next section, “Vulnerability Information”.
This security update also resolves the vulnerability that was first described in Microsoft Security Bulletin 943521. For more information about vulnerabilities, see the FAQ subsection for specific vulnerabilities under the next section “Vulnerability Information”.
suggestion. Microsoft recommends that users apply this update immediately.
Patch address: (XP)/download/3/d/6/3d617a25-b3cc-4fe1-8308-1aa1eb6dcdee/