Image Handling Flaw Puts Windows At Risk
An anonymous reader writes "Microsoft has released word that several image handling flaws may open Windows PCs to Spyware or viruses. From the article: 'We will continue to see this type of vulnerabilities in every major application for the foreseeable future ... It is not just images, but any type of complex file format. This is something that security researchers and hackers have realized to be a weak point in many applications.'"
And similarly you do the same for encoding. First detect the length the data will be, then check, then encode. When testing make sure your "get_length" and "encode" functions return the same length. [if at all possible use the same code].
But that would be asking MSFT engineers to use "if" statements... that would be ill-advised as it means THEY WOULD HAVE TO KNOW WHAT THEY ARE DOING FIRST.
Tom
Someday, I'll have a real sig.
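The length-first pattern described in the comment above, as an added example that is not part of the original thread. The toy run-length format and the names `rle_core`, `rle_get_length` and `rle_encode` are assumptions chosen for illustration; the point is that sizing and writing share one routine, so the two lengths cannot drift apart.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Shared core: walks the input once and emits (count, value) pairs.
 * With out == NULL it only counts, so the sizing pass and the writing
 * pass cannot disagree about the encoded length. */
static size_t rle_core(const uint8_t *in, size_t in_len, uint8_t *out)
{
    size_t i = 0, n = 0;
    while (i < in_len) {
        uint8_t value = in[i];
        size_t run = 1;
        while (i + run < in_len && in[i + run] == value && run < 255)
            run++;
        if (out != NULL) {
            out[n] = (uint8_t)run;
            out[n + 1] = value;
        }
        n += 2;
        i += run;
    }
    return n;
}

size_t rle_get_length(const uint8_t *in, size_t in_len)
{
    return rle_core(in, in_len, NULL);
}

/* Returns 0 and sets *written on success; -1 (nothing written) if out is too small. */
int rle_encode(const uint8_t *in, size_t in_len,
               uint8_t *out, size_t out_cap, size_t *written)
{
    size_t need = rle_get_length(in, in_len);   /* 1. detect the length */
    if (out == NULL || written == NULL || need > out_cap)
        return -1;                              /* 2. check */
    *written = rle_core(in, in_len, out);       /* 3. encode */
    return 0;
}

int main(void)
{
    const uint8_t px[] = {7, 7, 7, 7, 9, 9, 1}; /* constructed sample input */
    uint8_t small[4];
    size_t written = 0;
    printf("need=%zu rc=%d\n", rle_get_length(px, sizeof px),
           rle_encode(px, sizeof px, small, sizeof small, &written));
    return 0;
}
```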
The problem is that unfortunately I have to use Windows, but I don't trust Microsoft so no way am I going to use their patches.