Microsoft has released 1 security bulletin for the month of May in its usual monthly roundup of security bulletins. Affected versions of Windows include Microsoft Windows 2000 Service Pack 3 and 4. Microsoft Windows Millennium Edition is also affected but the vulnerability is not critical therefore a patch is not being released. Patches are available for
Microsoft Windows 2000 only.
Vulnerability Details:
A remote code execution vulnerability exists in the way that Web View in Windows Explorer handles certain HTML characters in preview fields. By persuading a user to preview a malicious file, an attacker could execute code. However, user interaction is required to exploit this vulnerability. This update resolves a newly-discovered, public vulnerability. A remote code execution vulnerability exists in the way that Web View in Windows Explorer handles certain HTML characters in preview fields. By persuading a user to preview a malicious file, an attacker could execute arbitrary code in the context of the logged on user.
Download: Security Update for Windows 2000 (KB894320)
View: Microsoft Security Bulletin MS05-024 | Windows Update
News source:
Neowin
Full story:
View Here