Language Selection

English French German Italian Portuguese Spanish

More problems for Windows, Internet Explorer users

Filed under
Security

Exploit code targeting a security hole Microsoft warned of in last week's patch release is in the wild, the Bethesda, Md.-based SANS Internet Storm Center (ISC) said Friday.

"We've received reports that the color management module ICC profile buffer overflow vulnerability has exploit code available and is being used out in the wild," ISC said on its Web site. "[To] mitigate this vulnerability, apply the appropriate patch. It appears that this version of the exploit code will only crash the browser, but it wouldn't be difficult to put in code for execution."

The French Security Incident Response Team (FrSIRT) has also put out an advisory on the exploit code.

Microsoft issued a bulletin for the vulnerability during its July patch release. The software giant said the problem is in how the color management module validates International Color Consortium [ICC] profile format tags. "Attackers could exploit this by constructing a malicious image file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message," Microsoft said. "An attacker who successfully exploited this vulnerability could take complete control of an affected system."

The flaw affects Windows 2000 SP4, Windows XP SP1 and SP2; Windows XP Professional x64 Edition; Windows Server 2003; Windows Server 2003 SP1; Windows Server 2003 for itanium-based systems; Windows Server 2003 with SP1 for itanium-based systems; Windows Server 2003 x64 Edition; Windows 98; Windows 98 Second Edition [SE] and Millennium Edition [ME].

Source.

More in Tux Machines

Eight Key Open-Source Internet of Things Projects

Open source is key to the development of the Internet of things (IoT). Therefore, the Eclipse Foundation is taking a hard look at IoT for Java developers. In fact, the Eclipse IoT community is making it easier for Java developers to connect and manage devices in an IoT solution by delivering at JavaOne 2014 an open IoT stack for Java developers. Based on open source and open standards, the Eclipse Open IoT Stack for Java simplifies IoT development by enabling Java developers to reuse a core set of frameworks and services in their IoT solutions. In addition to the core Open IoT Stack, a set of industrial frameworks are available to accelerate the process of creating home automation and SCADA factory automation solutions. "Our goal with this is to ensure that Java developers have a free and open-source platform for building IoT solutions," said Mike Milinkovich, executive director of Eclipse. Read more

SMPlayer 14.9 Review – One of the Best Movie Players for Linux

In this article I will overview the main things that make SMPlayer stand out of the crowd, putting it on the top of the video playback applications list. SMPlayer is written in Qt 4.8 and uses MPlayer2 for video playback. Personally I have only words of praise for this player, which is why I decided to write this review. So let’s proceed and see what the most important features of SMPlayer are. Read more

Kano Ships Its First 18,000 Learn-To-Code Computer Kits, Fueled By $1.5M Kickstarter

Kano Computing, a startup that plays in the learn to code space by adding a step-by-step hand-holding layer atop the Raspberry Pi single-board microcomputer to make hacking around with code and learning about computational thinking child’s play, has shipped all the hardware kits in its first batch of crowdfunded orders and pre-orders. Read more

elementary OS: Don't Hate Me Because I'm Beautiful

Ubuntu is a very popular base and it's used by too many systems to count. Ubuntu itself is based on Debian, but for now we’ll stick with Ubuntu. elementary was not supposed to be an operating system, and in fact it started its life just as a collection of themes and a few other packages that allowed users to make Ubuntu look different. The developers soon realized that they could do better than this and made their own operating system. Only two versions of it have been released until now, Jupiter and Luna. They are now working on a third one called Freya, which is in the Beta stages. What is happening with this incredible rate of adoption for this OS and why is it so popular? Read more