Tuesday, February 09, 2010
Today we are releasing MS10-007 to address a URL validation issue generally applicable to the ShellExecute API. How would a malicious user leverage this vulnerability? This issue involves how ShellExecute handles strings that appear to be legitimate URLs, but are malformed such that they result in execution of arbitrary code. Various technologies use ShellExecute to initiate a browser navigation.