MS10-007 Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
Critical - Remote Code Execution This security update resolves a privately reported vulnerability in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not impacted by this security update. The vulnerability could allow remote code execution if an application, such as a Web browser, passes specially crafted data to the ShellExecute API function through the Windows Shell Handler.
Bulletin details at Microsoft.com
Bulletin details at Microsoft.com
Related CVE Entries
The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
Max CVSS
9.3
EPSS Score
96.24%
Published
2010-01-22
Updated
2023-12-07