Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vista Exploit Surfaces on Russian Hacker Site

Posted by Zonk on Friday December 22, 2006 @07:53AM from the exploits-show-up-in-the-funnest-places dept.

Datamation writes "Exploit code for Windows Vista (though at this point only proof-of-concept code) has been published to a Russian hacker site, Eweek reports. Certain strings sent through the 'MessageBox' API apparently cause memory corruption. Though this is obviously cause for concern, at the moment it would seem access to the system would already be required to make use of the exploit. Determina has an analysis of the bug. Just last week, Trend Micro reported that Vista zero-days are being sold at underground hacker sites for $50,000."

2 of 103 comments (clear)

Min score:

Reason:

Sort:

Re:curious by minus_273 · 2006-12-22 08:03 · Score: 4, Informative

probably a lot more if you can use it to get a lot of zombies and bots for DDOS attacks and SPAM. I'm thinking the SPAM alone should cover the cost if you can get an installed base quickly.

--
The war with islam is a war on the beast
The war on terror is a war for peace
Re:Fscking Visual Basic by tlhIngan · 2006-12-22 09:16 · Score: 4, Informative

I just read TFA. Let me get this straight. The exploit is in MessageBox()?
Awesome.

All I can say is... OUCH.

MessageBox() is a fairly commonly used API (it's used to display a message box, with optional icon (none, alert, caution, etc.), and buttons (yes/no, yes/no/cancel, ok/cancel, ok, etc). It's the most trivial way to do a quick debug, or pop up an error message. It's probably one of the most commonly used functions, as well.

Wonder what Microsoft did to break MessageBox(). Considering how often it's used...