Language Selection

English French German Italian Portuguese Spanish

More problems for Windows, Internet Explorer users

Filed under

Exploit code targeting a security hole Microsoft warned of in last week's patch release is in the wild, the Bethesda, Md.-based SANS Internet Storm Center (ISC) said Friday.

"We've received reports that the color management module ICC profile buffer overflow vulnerability has exploit code available and is being used out in the wild," ISC said on its Web site. "[To] mitigate this vulnerability, apply the appropriate patch. It appears that this version of the exploit code will only crash the browser, but it wouldn't be difficult to put in code for execution."

The French Security Incident Response Team (FrSIRT) has also put out an advisory on the exploit code.

Microsoft issued a bulletin for the vulnerability during its July patch release. The software giant said the problem is in how the color management module validates International Color Consortium [ICC] profile format tags. "Attackers could exploit this by constructing a malicious image file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message," Microsoft said. "An attacker who successfully exploited this vulnerability could take complete control of an affected system."

The flaw affects Windows 2000 SP4, Windows XP SP1 and SP2; Windows XP Professional x64 Edition; Windows Server 2003; Windows Server 2003 SP1; Windows Server 2003 for itanium-based systems; Windows Server 2003 with SP1 for itanium-based systems; Windows Server 2003 x64 Edition; Windows 98; Windows 98 Second Edition [SE] and Millennium Edition [ME].


More in Tux Machines

Leftovers: Software

  • Kafka and syslog-ng
    First of all, let me introduce Kafka, a high-throughput distributed messaging system. It was originally developed by LinkedIn as a backbone of a website activity tracking infrastructure. Once open source, it was developed further under the umbrella of the Apache Foundation. In 2014 Confluent was founded to provide enterprise level support to Kafka users. Kafka is now used by major companies, including Netflix, Twitter and PayPal. There are now many more uses for Kafka: message queuing, log aggregation, stream processing or as a commit log.
  • Nmap 7.00 Has Been Released
    As you may know, Nmap is a command-line network exploration tool that supports ping scanning to determine the online hosts, port scanning techniques and TCP/IP fingerprinting for remote device identification.
  • Atom 1.2.4 Has Been Released
  • Vuze 5.7 (Open-Source BitTorrent Client) Has Been Released
  • Aptik 1.6.6 (Backup Software) Has Been Released
    As you may know, Aptik is an open-source application that enables the users to easily perform and restore backups of PPAs, aplications and packages in Ubuntu, Linux Mint, Elementary OS and other Ubuntu derivates.
  • Linphone 3.9.1 Brings Only Bug-Fixes
    As you may know, Linphone is an open-source VoIP service that allows the users to perform voice calls, video calls and text conversations with friends and other Linphone users.
  • Install QGifer 0.2.3 RC2 on Ubuntu
    Up to date packages are available via some third party PPA, so installing the software on Ubuntu 15.10 Wily Werewolf, Ubuntu 14.04 Trusty Tahr, Linux Mint 17.x, Elementary OS 0.3 Freya and other Ubuntu derivative systems is easy.
  • Wireshark 2.0 Has Been Released
    As you already know, Wireshark is an open-source protocol analyzer software, very used for monitoring the network traffic.
  • Kodi 16.0 Beta 2 “Jarvis” Brings Changes

today's howtos

Leftovers: Gaming

Krita 2.9