Reported February 8, 2005 by Microsoft
A vulnerability exists in drag-and-drop events that could allow an intruder to write to? files on a user's system via malicious Web content. A successful exploit could let the intruder take complete control of a user's system.
Microsoft has released Security Bulletin MS05-008, "Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)," and a patch to correct the problem.