Friday, September 29, 2006

Windows Shell Vulnerability

Vulnerability in the Windows Shell could allow remote code execution.

The vector is Microsoft's WebViewFolderIcon ActiveX control (Web View). The vulnerability exists in Windows Shell and is exposed by the Web View ActiveX control.

Details and workarounds at

Public release of exploit code:

I would expect that with the public release of the vulnerability details and sample exploit code, we will see rising attacks on this over the coming weekend. It's recommended that people comfortable with editing the Registry go to that first Microsoft link and use the first work around (set the kill bit on the Active X control).

No comments:

Post a Comment

Comments are welcome but moderated to prevent spam links. I usually check them at least once a day in the evenings - so please be patient with me if your comment does not appear quickly.

Thank you.