Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Just last month, Microsoft released a relatively rare out-of-band patch to protect users from potentially active zero-day attacks against the way Windows handled cursors, animated cursors and icon formats.
The vulnerability was created because the operating system failed to properly check the size of animated cursor file headers within certain files. In short, it was a local (to the end user’s system) buffer overflow. And any users unfortunate enough to visit a maliciously designed website, or even look at the wrong email, could find their system completely owned.
What’s alarming about this vulnerability is that it’s the latest in a growing trend toward remotely exploitable local buffer overflow flaws. Beyond the animated cursor vulnerability (CVE-2007-0038), there has been the Microsoft help file buffer overflow (CVE-2007-1912), the SWF file code execution (CVE-2006-3587), and the WMF code execution vulnerability (CVE-2005-4560), to name a few.
Registered users may log in here.
Login or Register now and get unlimited access.