netdef (netdef) wrote,
netdef
netdef

Windows Shell Vulnerability

Vulnerability in the Windows Shell could allow remote code execution.

The vector is Microsoft's WebViewFolderIcon ActiveX control (Web View). The vulnerability exists in Windows Shell and is exposed by the Web View ActiveX control.

Details and workarounds at http://www.microsoft.com/technet/security/advisory/926043.mspx

Public release of exploit code:
http://security.ithub.com/article/Exploit+Code+Published+for+Unpatched+IE+Vulnerability/189904_1.aspx

I would expect that with the public release of the vulnerability details and sample exploit code, we will see rising attacks on this over the coming weekend. It's recommended that people comfortable with editing the Registry go to that first Microsoft link and use the first work around (set the kill bit on the Active X control).
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 0 comments