Reported July 13, 2004, by Microsoft
A vulnerability in Windows could allow remote execution of arbitrary code on the vulnerable system. This vulnerability is a result of a flaw in the way that Windows Shell launches applications. A potential attacker could exploit the vulnerability if a user visited a malicious Web site. If the user is logged on with administrative privileges, the attacker could take complete control of an affected system. User interaction is required to exploit this vulnerability.
Microsoft has released bulletin MS04-024, "Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)," to address this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin.
Discovered by Microsoft.