MS08-075: Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)
Medium Nessus Plugin ID 35074
SynopsisVulnerabilities in the Windows Shell may allow an attacker to execute privileged commands on the remote host.
DescriptionThe remote version of Windows contains a version of the Windows Shell that contains a vulnerability in the way it handles saved seaches.
An attacker might use this flaw to trick an administrator to execute a saved search and therefore execute arbitrary commands on his behalf.
SolutionMicrosoft has released a set of patches for Windows Vista and 2008.