Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Vulnerability in Animated Cursor Handling

Posted by Zonk on from the mind-those-hilarious-icons dept.

MoreDruid writes "Secunia reports a vulnerability in Windows Animated Cursor Handling. According to the linked article, the rating is "extremely critical". Microsoft has put up their own advisory on the subject, confirming this is a vulnerability that affects Windows 2000, XP, 2003 and Vista. The exploit has already been used in the wild. From the Secunia page: The vulnerability is caused due to an unspecified error in the handling of animated cursors and can e.g. be exploited by tricking a user into visiting a malicious website using Internet Explorer or opening a malicious e-mail message. Successful exploitation allows execution of arbitrary code."

3 of 338 comments (clear)

  1. Re:This old? by Anonymous Coward · · Score: 0, Flamebait

    It could pay very well to keep ploits such as this one

    WTF is a "ploit"? Is it really that hard to type those two extra letters?
  2. Re:Why would my cursor run as root? by Bromskloss · · Score: 0, Flamebait

    go ahead and issue "rm -rf ~"

    Ah, I do that all the time. It's refreshing. Fortunately, I store all my data outside my home directory.

    --
    Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
  3. Re:Why would my cursor run as root? by jfengel · · Score: 0, Flamebait

    Root exploits have the ability to screw other users besides you, and I think that's where the Slashdot ethos comes in. If you screw yourself it's because you weren't l33t enough to protect yourself. If you get screwed by some other user because the OS didn't protect you, then your l33t-ness goes down.

    So everybody's willing to accept a system that lets users screw themselves (ha ha!) but not you. And running a system that gives you the rope you need to hang yourself means you must be pretty l33t since you're too smart to fall for any traps.