Another Microsoft vulnerability: cursors and icon files

Posted by Pile (8987 views) Add this story to MyYahoo Add this article to del.icio.us Submit article to Reddit Add story to Furl Add story to StumbleUpon [E-Mail link]


CERT writes, "Microsoft Windows contains multiple vulnerabilities in the way that it handles cursor and icon files. A remote attacker could execute arbitrary code or cause a denial-of-service condition."

In other words, yet more vulnerabilities in core Widnows routines which make IE and other systems vulnerable to exploitation by visiting web sites which load these files. Be especially wary now of the favicon.ico files which most web sites load which give you those cute little icons next to the web address in your browser.. they can cause your computer to be compromised.

If a remote attacker can persuade a user to access a specially crafted bitmap image, icon, or cursor file, the attacker may be able to execute arbitrary code on that user's system, with their privileges. Potentially, any operation that displays an image could trigger exploitation; for instance, browsing the file system, reading HTML email, or browsing websites.

Details

 

 

Comments

 
Name: (change name for anonymous posting)
Title:
Comments:
   

1 Article displayed.

Pursuant to Section 230 of Title 47 of the United States Code (47 USC § 230), BSAlert is a user-contributed editorial web site and does not endorse any specific content, but merely acts as a "sounding board" for the online community. Any and all quoted material is referenced pursuant to "Fair Use" (17 U.S.C. § 107). Like any information resource, use your own judgement and seek out the facts and research and make informed choices.

Powered by Percleus (c) 2005-2047 - Content Management System

[Percleus 0.9.5] (c) 2005, PCS