We're a bit worried about the four new Windows vulnerabilities that were found during Christmas holidays...especially since there a nor current patches against them. Windows XP SP2 is immune to some - but not all of them.</p><p align="justify">These vulnerabilities could be used in future viruses - for example in massmailers.</p><p align="justify">They are:</p><p align="justify">* Windows LoadImage API vulnerability. Can be used for remote code execution through crafted bitmaps (.BMP), icons (.ICO), cursor (.CUR) and animated cursor (.ANI) files
* Animated cursor (.ANI) vulnerability that causes system crash. </p><p align="justify">* Help file overflow that can be exploited through crafted windows help (.HLP) files. This vulnerability reportedly also affects Windows XP SP2.</p><p align="justify">* HTML Help Control exploit that uses a number of different vulnerabilities to bypass IE's Local Zone protections in order to run scripts on the host. SP2 is vulnerable.</p><p align="justify">At least this last exploit has already been used for dropping Trojans.</p><p align="justify">While waiting for a patch, we recommend upgrading to Windows XP SP2 and using a browser no one else is using.
On 28/12/04 At 09:13 AM</p>
Read more...
Windows vulnerabilities found over Christmas time
Linear Mode
