=====================================================================
CERT-Renater Information Note No. 2006/VULN519
_____________________________________________________________________

DATE                 : 11/10/2006
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Windows 2000, Windows XP, Windows Server 2003.
======================================================================

http://www.microsoft.com/technet/security/Bulletin/MS06-057.mspx

MS06-057 - Vulnerability in Windows Explorer Could Allow Remote Execution (923191)

Affected Software:

- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition

From Microsoft Security Bulletin MS06-057:

Vulnerability Details:

A remote code execution vulnerability exists in Windows Shell due to improper validation of input parameters when invoked by the WebViewFolderIcon ActiveX control (Web View). This vulnerability could potentially allow remote code execution if a user visited a specially crafted Web site or viewed a specially crafted e-mail message. An attacker could exploit the vulnerability by hosting a web site that contained a web page that was used to exploit this vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
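The standard interim defence against a vulnerable ActiveX control is the Internet Explorer "kill bit", which makes the browser refuse to instantiate the control and so closes the crafted-web-page vector described above. The PowerShell below is an added example, not part of the CERT-Renater note or the Microsoft bulletin; the CLSID it carries is a placeholder, and the real WebViewFolderIcon CLSID must be taken from the Microsoft bulletin referenced above.

```powershell
# Added example: inspect and set the Internet Explorer kill bit for an ActiveX control.
# A CLSID whose "Compatibility Flags" value carries 0x400 under the ActiveX Compatibility
# key is refused by Internet Explorer (mechanism documented by Microsoft in KB240797).
# PLACEHOLDER CLSID: replace with the WebViewFolderIcon CLSID from bulletin MS06-057.
$Clsid   = '{00000000-0000-0000-0000-000000000000}'
$KillBit = 0x400   # kill-bit flag value

function Get-ActiveXCompatPath {
    param([Parameter(Mandatory)][string]$Clsid)
    "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
}

function Test-ActiveXKillBit {
    # Returns $true when the kill bit is already set for the given CLSID.
    param([Parameter(Mandatory)][string]$Clsid)
    $path = Get-ActiveXCompatPath -Clsid $Clsid
    if (-not (Test-Path $path)) { return $false }
    $flags = (Get-ItemProperty -Path $path -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $flags) { return $false }
    return (($flags -band $KillBit) -eq $KillBit)
}

function Set-ActiveXKillBit {
    # Sets the kill bit while preserving any other compatibility flags already present.
    param([Parameter(Mandatory)][string]$Clsid)
    $path = Get-ActiveXCompatPath -Clsid $Clsid
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    $current = (Get-ItemProperty -Path $path -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $current) { $current = 0 }
    New-ItemProperty -Path $path -Name 'Compatibility Flags' -PropertyType DWord `
        -Value ($current -bor $KillBit) -Force | Out-Null
}

if (Test-ActiveXKillBit -Clsid $Clsid) {
    Write-Output "Kill bit already set for $Clsid"
} else {
    Set-ActiveXKillBit -Clsid $Clsid   # writing HKLM requires an elevated session
    Write-Output "Kill bit set for $Clsid; verified: $(Test-ActiveXKillBit -Clsid $Clsid)"
}
```

The kill bit is a workaround, not a fix: the same check can be run after deployment of the MS06-057 update to confirm that a policy-pushed kill bit is still in place on each host.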
======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER            | tel : 01-53-94-20-44        +
+ 151 bd de l'Hopital     | fax : 01-53-94-20-41        +
+ 75013 Paris             | email: certsvp@renater.fr   +
=========================================================