Windows Vulnerability in Animated Cursor Handling
MoreDruid writes "Secunia reports a vulnerability in Windows Animated Cursor Handling. According to the linked article, the rating is "extremely critical". Microsoft has put up their own advisory on the subject, confirming this is a vulnerability that affects Windows 2000, XP, 2003 and Vista. The exploit has already been used in the wild. From the Secunia page: The vulnerability is caused due to an unspecified error in the handling of animated cursors and can e.g. be exploited by tricking a user into visiting a malicious website using Internet Explorer or opening a malicious e-mail message. Successful exploitation allows execution of arbitrary code."
[...]
Just out of curiosity: how much does something like that pay you?
'You can either approach every single line of code you write by asking how it will be attacked, or you can write an OS that can be compromised by a damn mouse pointer. There is no in between. All the hoping and wishing and "gee whiz golly, no one would want to hack my code!" Pollyanna naivete in the world won't change it.'
Even if someone would hack my code with false data and crash it, why should I care? It should not ever lead to anything other than that: a crash of MY program.
So the only need of security my program should have is if it treats something that needs to be secure.
And you seem to live in a binary world; some stuff can be very very very secure... it's usually very very very very expensive too...
Ask yourself why.
I just say that the internet is now in a state where some money actually has to be spent elsewhere so we can open our windows without having someone coming in the very second it is open.
Do you lock yourself when you are at home in the daylight?
You are living in a prison or what...
I would have thought they'd have learned about security rings while rebuilding their entire OS from the ground up (as Longhorn was reputed to do).
Legacy applications seem to run rings around security in the M$ world. IE 7 in Vista is safe if you run it in "protected mode" but Outlook! is not. See here for the rest of the information I found, including a summary of proposed mitigation and links to same.
Shit like this is the primary reason I hate Microsoft. The secondary and more important reason is that they force their shit on people by force and deception.
Friends don't help friends install M$ junk.
Actually, jpeg images seem to be able to do it. Advisories are to read email in text mode and use Firefox. Interestingly enough, Thunderbird gets screwed just as bad as Outlook if you don't use it in text mode, highlighting the danger of running anything on Windoze. See here for a summary of mitigation and links to same.
Friends don't help friends install M$ junk.
Your rant might be interesting if, perhaps, malicious action were possible with this exploit on Vista. (it isn't)