Wednesday, January 11, 2006
Just when you thought it was safe to go back in the water
There's a newly discovered Windows bug in the handling of .WMF image files. This is different from the critical WMF bug earlier this year, which was different from the WMF bug last fall.
The new one allows a bad buy to crash your computer if you look at a booby-trapped picture file. Attacks should work in all web browsers.
Microsoft and the discoverer say that this bug can only cause crashes and not machine takeovers. I haven't seen enough evidence to convince me. In general a programming error that lets a bad guy run a program off the rails far enough to crash will also let the bad guy steer it where he wants.
Sigh. Best you can do for now is run an ad blocker and stick to reputable web sites. Antivirus firms may add checks for booby-trapped .WMF files.
|
The new one allows a bad buy to crash your computer if you look at a booby-trapped picture file. Attacks should work in all web browsers.
Microsoft and the discoverer say that this bug can only cause crashes and not machine takeovers. I haven't seen enough evidence to convince me. In general a programming error that lets a bad guy run a program off the rails far enough to crash will also let the bad guy steer it where he wants.
Sigh. Best you can do for now is run an ad blocker and stick to reputable web sites. Antivirus firms may add checks for booby-trapped .WMF files.
# posted by Frederick @ 5:05 PM Email to a friend:
Haloscan: they provide trackback