[VIM] ZDI-10-016: Microsoft Windows ShellExecute Improper Sanitization Code Execution Vulnerability
jericho at attrition.org
Wed Feb 10 08:53:28 UTC 2010
On Tue, 9 Feb 2010, ZDI Disclosures wrote:
: ZDI-10-016: Microsoft Windows ShellExecute Improper Sanitization Code Execution Vulnerability
: February 9, 2010
: -- CVE ID:
: -- Affected Products:
: Microsoft Windows XP
: -- Vendor Response:
: Microsoft has issued an update to correct this vulnerability. More
: details can be found at:
: -- Disclosure Timeline:
: 2009-07-20 - Vulnerability reported to vendor
: 2010-02-09 - Coordinated public release of advisory
This CVE crosses with MS10-002 / 978207, tracked by OSVDB 61909 "Microsoft
IE Unspecified Crafted URL Handling Arbitrary Code Execution". Per
previous disclosure, this was reported to MS on 2009-11-15.
Your advisory says this affects Windows XP, not MSIE specifically, and
crosses to MS10-007.
Can you clarify please?