Microsoft Windows “desktop.ini” Arbitrary File Execution Vulnerability

“The problem is that ‘desktop.ini’ files may contain CLSID references to arbitrary executables in the ‘[.ShellClassInfo]‘ section. This can be exploited to execute arbitrary files with another user’s privileges when the user browses a folder containing a malicious ‘desktop.ini’ file. The vulnerability has been confirmed on fully patched systems running Windows 2000 and Windows XP.”