AlbertPacino
Explorer
Microsoft Security Bulletin MS05-024 said the patch fixes a remote code-execution vulnerability found in Windows Explorer's file management utility. It involves the way Web View in Explorer handles certain HTML characters in preview fields.
Microsoft rates the vulnerability as "important," the third-highest level of its four-level Maximum Severity Rating system.
Stephen Toulouse, a security program manager for Microsoft's Security Response Center, said the vulnerability could allow an attacker to run or install malicious software on a user's computer, or it could allow an attacker to view or delete files remotely.
Such an attack, however, would require user intervention, he said, because a user would have to click to execute and open a file sent by an attacker. "It's not an automated attack," he noted.
The vulnerability was identified about four weeks ago on a security mailing list before Microsoft had an opportunity to create a patch to repair it. "We believe it puts people at risk," Toulouse said of the public announcement before the patches were made available.
Related Stories: Like it or Not The New Windows Updates have Arrived.
Microsoft ends SP2 download block feature
Source
