CVE-2011-3397

Name of the Vulnerable Software and Affected Versions Microsoft Windows XP versions SP2 through SP3 Microsoft Server 2003 version SP2

Description A remote code execution issue exists in the Microsoft Time component, allowing attackers to execute arbitrary code via a crafted web site. An attacker could exploit this by constructing a specially crafted Web page, potentially gaining the same user rights as the logged-on user when a user views the page.

Recommendations For Microsoft Windows XP versions SP2 through SP3, consider restricting access to the Microsoft Time component until a fix is available. For Microsoft Server 2003 version SP2, avoid using the affected component in Internet Explorer to minimize the risk of exploitation.