Wednesday, August 18, 2010

New code-execution bug found in Windows and 40 apps

When 'safe' files aren't
Microsoft Windows and about 40 applications that run on it are vulnerable to remote-code execution attacks that are "trivial" to carry out, a noted security researcher warned Wednesday.
The flaw involves the way Windows loads "safe" file types from remote network locations, and is almost identical to one that Apple excised in iTunes last week, H D Moore, CSO and chief architect of the Metasploit project, told The Register. He said the bug is “trivial” to remotely exploit, but wasn't authorized to provide additional details about techniques or other vulnerable applications.
http://www.theregister.co.uk/2010/08/18/windows_code_execution_vuln/