Summary
This host is missing a critical security update according to Microsoft Bulletin MS10-083.
Impact
Successful exploitation will allow a remote attacker to execute arbitrary code by convincing a user to open a specially crafted WordPad file, or to open or select a shortcut file that is present on a network or a WebDAV share.
Impact Level: System/Application.
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory at the link below: http://www.microsoft.com/technet/security/bulletin/ms10-083.mspx
Insight
The flaw is caused by an error in the way Windows Shell and WordPad validate COM object instantiation, which could allow attackers to execute arbitrary code.
Affected
Microsoft Windows 7
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2003 Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
References
Severity
Classification
- CVE: CVE-2010-1263
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Cumulative Security Update for Internet Explorer (969897)
- Microsoft DirectAccess Security Advisory (2862152)
- Microsoft Groove Remote Code Execution Vulnerability (2494047)
- Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)
- Microsoft DirectShow Remote Code Execution Vulnerability (961373)