The Microsoft Windows Win32 API fails to properly validate function parameters, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
The Microsoft Windows Win32 API is a set of application programming interfaces for the Microsoft Windows operating system. The Win32 API allows applications to interact with the Windows operating system. The Microsoft Windows Win32 API fails to properly validate function parameters.
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with elevated privileges. Any application that uses the Win32 API, such as Internet Explorer or Outlook Express, may be vulnerable.
Apply an update
This update is addressed by Microsoft Security Bulletin MS07-035.
This vulnerability was reported by Microsoft, who in turn credit Billy Rios of VeriSign.
This document was written by Will Dormann.
|Date First Published:||2007-06-12|
|Date Last Updated:||2007-06-12 20:07 UTC|