A
vulnerability has been identified in Microsoft Windows, which could be
exploited by remote attackers to take complete control of an affected
system. This flaw is due to a memory corruption error in the Microsoft
Agent when handling specially crafted ".ACF" files, which could be
exploited by attackers to cause a denial of service or execute
arbitrary commands by convincing a user to visit a malicious Web page.
Affected Products
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 (Itanium)
Microsoft Windows Server 2003 SP1 (Itanium)
Microsoft Windows Server 2003 x64 Edition
Solution
Apply patches :
http://www.microsoft.com/technet/security/Bulletin/MS06-068.mspx
