| Patch Name : |
WindowsServer2003-sp2-KB943460-x86-ENU.exe |
| Patch Description : |
Security Update for Windows Server 2003 (KB943460) |
| Bulletin Id : |
MS07-061 |
| Bulletin Title : |
Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460) |
| KnowledgeBase : | 943460 |
| Severity : |
Critical |
| Location Path : | WindowsServer2003-sp2-KB943460-x86-ENU.exe |
| Bulletin Summary: |
A remote code execution vulnerability exists in the way that the Windows shell handles specially crafted URIs that are passed to it. If the Windows shell did not sufficiently validate these URIs, an attacker could exploit this vulnerability and execute arbitrary code. Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7. However, the vulnerability exists in a Windows file, Shell32.dll, which is included in all supported editions of Windows XP and Windows Server 2003. |
| Superceding Bulletin Id : |
MS10-046 |
| Patch Release Date : |
Nov 13, 2007 |
| CVE Id : | CVE-2007-3896 |
| Affected Product Information |
|
| Product Name |
Service Pack Name |
| Windows Server 2003 for Small Business Server | Windows Server 2003 Service Pack 2 |
| Windows Server 2003, Datacenter Edition | Windows Server 2003 Service Pack 2 |
| Windows Server 2003, Enterprise Edition | Windows Server 2003 Service Pack 2 |
| Windows Server 2003, Standard Edition | Windows Server 2003 Service Pack 2 |
| Windows Server 2003, Web Edition | Windows Server 2003 Service Pack 2 |
|
| File changes |
|
| File Path |
Version |
| %windir%\system32\shell32.dll | 6.0.3790.4184 |
|
| Registry changes |
|
| Registry Path |
Key Name |
Key Value |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB943460 | | -2 |
|
