Microsoft Windows Search Code Execution Vulnerabilities (10 December 2008)

Last Update Date: 28 Jan 2011 Release Date: 10 Dec 2008 4974 Views

RISK: Medium Risk

Medium Risk

1. Windows Saved Search Vulnerability

A remote code execution vulnerability exists when saving a specially crafted search file within Windows Explorer. This operation causes Windows Explorer to exit and restart in an exploitable manner.

2. Windows Search Parsing Vulnerability

A remote code execution vulnerability exists in Windows Explorer that allows an attacker to construct a malicious web page that includes a call to the search-ms protocol handler. The protocol handler in turn passes untrusted data to Windows Explorer.

Impact

  • Remote Code Execution

System / Technologies affected

  • Windows Vista
  • Windows Server 2008

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Office Excel Multiple Code Execution Vulnerabilities (10 December 2008)

10 Dec 2008 4970 Views

Next

Microsoft Windows WordPad Converter Code Execution Vulnerability

10 Dec 2008 5346 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY