Slashdot Mirror


Zero Day Exploit Found in Windows Media Player

filenavigator writes "Another zero day flaw has been reported in Windows Media Player. It comes only one day after a serious zero day flaw was found in Word. The flaw is dangerous because it involves IE and Outlook's ability to automatically launch .asx files. No fix from Microsoft has been announced yet."

7 of 177 comments

  1. Finding holes in a MS product.... by TJ_Phazerhacki · · Score: 5, Insightful

    Seems to be a bit like finding holes in Swiss cheese... inevitable....

    --
    Physics is nothing like religion. If it was, we'd have an easier time trying to raise money!
  2. It's not an exploit ... by jfclavette · · Score: 4, Insightful

    ..., it's a flaw. I'll be impressed if someone can do anything with a 4-byte heap overflow that happens at a single spot in the program they don't control. Under ideal circumstances, they'll be able to tamper with an integer in WMP.

  3. If it's not dangerous... by bunbuntheminilop · · Score: 3, Insightful

    as people have commented, then why is it zero day? Doesn't zero day mean there is an exploit already?

  4. GG Misleading Post by PixieDust · · Score: 5, Insightful

    Ok, so this flaw is there. It's a bug.

    Doesn't affect my Vista machine. Nor my XP Pro machine running IE7 + WMP 11.

    Seeing things like this, I can't help but wonder what it might look like if every time a flaw was discovered in *Nix, and a security advisory (even if barely remotely applicable, as in this case) were released, and slashdotted. Maybe this post is flamebait too (seems to be my trend as of late), maybe not. But the title of this particular post is pretty misleading.

    0 day flaw! Congratulations. It's software. I still play games that if they run for more than 2 hours I'm lucky. The real problem is the testing, and the coding that goes into these. You fix one thing, and something else inevitably breaks.

    How often does a kernel update in Linux break something that you now have to update, or sometimes roll back altogether because they won't work?

    This post is as overdramatic as going nuts every single time something in Linux broke or didn't work right. Sometimes MS deserves to be thumped on the head. This time though, seriously, come on. Tell you what, run your 4 byte program that is gonna hax0r my computer. I invite it, might give me something to do.

  5. Re:How is this dangerous? by Anonymous Coward · · Score: 4, Insightful

    > MS makes quick and dirty shortcuts, to get better performance, bypassing security in the process.

    Um, what quick and dirty shortcuts? MS uses the same protection model every other x86 OS I know of uses. Kernel runs in CPL 0, user processes in CPL 3. Drivers run mostly in CPL 0. In fact, with MS starting to try to push drivers to CPL 3, they're starting to get better than Linux AFAIK. (I think there are some userspace drivers for Linux, but very few. MS is trying to make that the standard for most types of drivers I think.)

    MS's bugs come from a combination of a few things. One is what seems to be a prevalence of buffer overruns. Second is running in administrator mode by default (note that this is an entirely different animal than what privilege level code executes in), and what seem to be an abnormally large number of other misc design errors.

    But the memory model is solid.

    > With NX protection it should be impossible

    If you think NX protection makes buffer overrun attacks impossible.. you're living in a dream world. I categorize the types of buffer overrun attacks I know into three types, and NX only solves one of them.

  6. Slight difference by ZxCv · · Score: 4, Insightful

    This flaw is not "barely remotely applicable".

    The vast majority of Windows users do not run Vista, IE7, or WMP11, even though all are technically available.

    So this particular flaw affects most Windows users, and is thus important to those that have to deal with these users and/or their computers.

    --
    Perl - $Just @when->$you ${thought} s/yn/tax/ &couldn't %get $worse;
  7. Re:Another 0-day? by h2g2bob · · Score: 3, Insightful

    Speaking of 0-day, what does 0-day mean, and why is it placed randomly in front of exciting new exploits?