Family: Windows : Microsoft Bulletins --> Category: infos
Vulnerability in zipped folders may allow code execution (873376) Vulnerability Scan
Vulnerability Scan Summary
Acertains if hotfix 873376 has been installed
Detailed Explanation for this Vulnerability Test
Arbitrary code can be executed on the remote host through Explorer.
The remote version of Windows is vulnerable to a bug in the way it handles compressed
(zipped) folders, which may in turn be exploited by a possible hacker to execute arbitrary
code on the remote host.
To exploit this flaw, a possible hacker would need to send a specially crafted .zip
file to a victim on the remote host and wait for him to browse the file using
the Windows Explorer.
Microsoft has released a set of patches for Windows XP and 2003 :
High / CVSS Base Score : 8
Click HERE for more information and discussions on this network vulnerability scan.