MS06-045: Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398)
Medium Nessus Plugin ID 22187
SynopsisArbitrary code can be executed on the remote host through the web or email client.
DescriptionThe remote host is running a version of Windows that contains a flaw in the Windows Explorer Drag & Drop handler.
An attacker may be able to execute arbitrary code on the remote host by constructing a malicious script and enticing a victim to visit a website or view a specially crafted email message and save a file.
SolutionMicrosoft has released a set of patches for Windows 2000, XP and 2003.