CVE-2010-1263

Name of the Vulnerable Software and Affected Versions Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 Microsoft Office XP SP3 Office 2003 SP3 Office System 2007 SP1 and SP2

Description A remote code execution issue exists due to improper validation of COM objects during instantiation in affected Microsoft software. This allows attackers to execute arbitrary code via a crafted file. An attacker who successfully exploits this issue could take complete control of an affected system, then install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less affected than those operating with administrative user rights.

Recommendations For Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, update to a newer version that includes the fix for this issue. For Microsoft Office XP SP3, update to a newer version that includes the fix for this issue. For Office 2003 SP3, update to a newer version that includes the fix for this issue. For Office System 2007 SP1 and SP2, update to a newer version that includes the fix for this issue. As a temporary workaround, consider restricting the use of WordPad and the opening of shortcut files from network or WebDAV shares until a patch is available.