Severity Rating: Moderate - Revision Note: V1.1 (April 15, 2009): Added FAQs in the section, Frequently Asked Questions (FAQ) Related to This Security Update as well as in the Vulnerability section for CVE-2008-2540 to explain the relationship between CVE-2008-2540 in this bulletin and in MS09-014. Also added Microsoft Knowledge Base Article 959426 as a reference for instructions in implementing SetSearchPathMode in Microsoft Windows 2000.Summary: This security update resolves a publicly disclosed vulnerability in the Windows SearchPath function that could allow elevation of privilege if a user downloaded a specially crafted file to a specific location, then opened an application that could load the file under certain circumstances.

Read more at: http://www.microsoft.com/technet/security/bulletin/MS09-015.mspx?pubDate=2009-04-15