Cursor hole puts Windows PCs at risk
Posted on Mar 29 2007 08:29 AM by xper in Frontpage

A new security vulnerability puts Windows users at risk of serious cyberattacks, Microsoft warned late Wednesday. The vulnerability affects all recent Windows versions, including Vista, which Microsoft has promoted heavily for its security. The operating system software is flawed in the way it handles animated cursors, Microsoft said in a security advisory. An attacker could exploit the vulnerability through a Web page or e-mail message with rigged computer code, Microsoft said.

"Upon viewing a Web page, previewing or reading a specially crafted message, or opening a specially crafted e-mail attachment, the attacker could cause the affected system to execute code," Microsoft said in its advisory.

Such holes are often exploited by cybercrooks to do "drive-by" installations of malicious software. Spyware and remote control tools that turn PCs into drones for the attacker are silently loaded onto vulnerable computers by tricking people into visiting a rigged Web site or by hacking a trusted site. The Web site for the Super Bowl stadium suffered a recent example of a drive-by attack.

View: Security Advisory

Full story: C|Net News

"with rigged computer code"

That computer code is dangerous you know! :P

Seriously, what did they expect it to be, cable box code?
Typical C|Net article. Long on fluff, short on any technical data (with weird explanations of technical terms and concepts to boot!).
Mar 30 2007 04:41 PM
So why do web pages need to be able to have custom cursors again?
For nothing. But regardless, it just sounds like yet-another-buffer-overflow, much like the one that was found in handling of .WMF files not too long ago. Things like that happen...