CVE-2008-4269

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version

Description: The issue concerns a remote code execution vulnerability in Windows Explorer. It allows an attacker to construct a malicious web page that includes a call to the search-ms protocol handler, which passes untrusted data to Windows Explorer. This is due to incorrect parsing of parameter data.

Recommendations: For Microsoft Windows Vista Gold and SP1 and Server 2008, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.