Windows Vulnerability in Animated Cursor Handling
MoreDruid writes "Secunia reports a vulnerability in Windows Animated Cursor Handling. According to the linked article, the rating is "extremely critical". Microsoft has put up their own advisory on the subject, confirming this is a vulnerability that affects Windows 2000, XP, 2003 and Vista. The exploit has already been used in the wild. From the Secunia page: The vulnerability is caused due to an unspecified error in the handling of animated cursors and can e.g. be exploited by tricking a user into visiting a malicious website using Internet Explorer or opening a malicious e-mail message. Successful exploitation allows execution of arbitrary code."
WTF is a "ploit"? Is it really that hard to type those two extra letters?
Sh!t like this happens in firefox too, and in Opera, and in links, and any other browser you can think of.
No doubt you aren't a programmer, and wouldn't really grasp how complex a piece of software like a web browser really is, and how complex it's interactions with the rest of the operating system are.
Why do you think linux is so clunky and tied together with string, after 15 years of community effort?
Also, mister RTFA, all this exploit does is crash explorer.
I don't need no instructions to know how to rock!!!!
Ah, I do that all the time. It's refreshing. Fortunately, I store all my data outside my home directory.
Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
Root exploits have the ability to screw other users besides you, and I think that's where the Slashdot ethos comes in. If you screw yourself it's because you weren't l33t enough to protect yourself. If you get screwed by some other user because the OS didn't protect you, then your l33t-ness goes down.
So everybody's willing to accept a system that lets users screw themselves (ha ha!) but not you. And running a system that gives you the rope you need to hang yourself means you must be pretty l33t since you're too smart to fall for any traps.
Amazing how in the rush to bash Microsoft, Slashdot overlooks just oh so much.
But I guess it's hard to keep up the drumbeat on the anti-MS FUD machine if you spend too much time in the reality-based community.