|
Another Microsoft vulnerability: cursors and icon files
Posted by Pile
(9376 views) [E-Mail link]
|
|
CERT writes, "Microsoft Windows contains multiple vulnerabilities in the way that it handles cursor and icon files. A remote attacker could execute arbitrary code or cause a denial-of-service condition."
In other words, yet more vulnerabilities in core Widnows routines which make IE and other systems vulnerable to exploitation by visiting web sites which load these files. Be especially wary now of the favicon.ico files which most web sites load which give you those cute little icons next to the web address in your browser.. they can cause your computer to be compromised. |
If a remote attacker can persuade a user to access a specially crafted bitmap image, icon, or cursor file, the attacker may be able to execute arbitrary code on that user's system, with their privileges. Potentially, any operation that displays an image could trigger exploitation; for instance, browsing the file system, reading HTML email, or browsing websites. | Details | |
|
|