MoonPoint Support Logo

 

Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals



Advanced Search
November
Sun Mon Tue Wed Thu Fri Sat
         
23
24 25 26 27 28 29 30
2024
Months
NovDec


Tue, Jan 10, 2006 10:56 pm

Windows Vulnerability in Embedded Web Fonts

Microsoft released a patch today, which is January's "Patch Tuesday", for a vulnerability in the way Windows handles fonts embedded in a webpage. The vulnerability could allow a malicious webpage developer, or someone who has compromised a website, to install an embedded font on a webpage such that when a user views the webpage the user's system could be compromised, potentially even allowing a remote attacker to take complete control of the user's PC.

[ More Info ]

[/security/vulnerabilities/windows] permanent link

Mon, Jan 02, 2006 11:45 pm

WMF Vulnerability Could Allow Remote Code Execution

Code that will allow attackers to compromise a Windows-based PC using a vulnerability in the way such systems handle images has been posted online over the holidays. Exploitation of this vulnerability by attackers could allow them to install spyware on a system or take complete control of it.

The vulnerability is within software that is part of the Windows operating system distribution. The affected software processes Windows MetaFile (WMF) images, but an attacker need only rename an infected WMF file with a JPG, GIF, PNG, or other common graphic file format extension to avoid any block on all WMF files, since a Windows system will examine the contents of files with those extensions and execute the code in them, if they are really WMF files.

An attacker can send infected images by email or put them on a website. The mere presence of an infected file on a system can lead to the system's infection, if file indexing software, such as Google's desktop search utility is presence. When the file is indexed, the exploit is triggered.

[ More Info ]

[/security/vulnerabilities/windows] permanent link

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo