MS04-024: Buffer overrun in Windows Shell (839645)
High Nessus Plugin ID 13642
SynopsisIt is possible to execute commands on the remote host.
DescriptionThe remote host is running a version of Windows that has a flaw in its shell. An attacker could persuade a user on the remote host to execute a rogue program by using a CLSID instead of a file type, thus fooling the user into thinking that he will not execute an application but simply open a document.
SolutionMicrosoft has released a set of patches for Windows NT, 2000, XP and 2003.