Reported February 8, 2005 by Microsoft

VERSIONS AFFECTED



  • Windows XP SP1 and SP2

  • Windows XP 64-Bit Edition Version 2003 (Itanium) and SP1 (Itanium)

  • Windows Server 2003

  • Windows 2000 with SP3 and SP4

  • Windows Me and 9x

DESCRIPTION

A vulnerability exists in drag-and-drop events that could allow an intruder to write to? files on a user's system via malicious Web content. A successful exploit could let the intruder take complete control of a user's system.

VENDOR RESPONSE

Microsoft has released Security Bulletin MS05-008, "Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)," and a patch to correct the problem.