Language Selection

English French German Italian Portuguese Spanish

More problems for Windows, Internet Explorer users

Filed under
Security

Exploit code targeting a security hole Microsoft warned of in last week's patch release is in the wild, the Bethesda, Md.-based SANS Internet Storm Center (ISC) said Friday.

"We've received reports that the color management module ICC profile buffer overflow vulnerability has exploit code available and is being used out in the wild," ISC said on its Web site. "[To] mitigate this vulnerability, apply the appropriate patch. It appears that this version of the exploit code will only crash the browser, but it wouldn't be difficult to put in code for execution."

The French Security Incident Response Team (FrSIRT) has also put out an advisory on the exploit code.

Microsoft issued a bulletin for the vulnerability during its July patch release. The software giant said the problem is in how the color management module validates International Color Consortium [ICC] profile format tags. "Attackers could exploit this by constructing a malicious image file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message," Microsoft said. "An attacker who successfully exploited this vulnerability could take complete control of an affected system."

The flaw affects Windows 2000 SP4, Windows XP SP1 and SP2; Windows XP Professional x64 Edition; Windows Server 2003; Windows Server 2003 SP1; Windows Server 2003 for itanium-based systems; Windows Server 2003 with SP1 for itanium-based systems; Windows Server 2003 x64 Edition; Windows 98; Windows 98 Second Edition [SE] and Millennium Edition [ME].

Source.

More in Tux Machines

Android Leftovers

today's howtos

Mozilla News

  • WebExtensions in Firefox 48
  • Mozilla's WebExtensions API Is In Good Shape For Firefox 48
    Mozilla has announced that for Firefox 48 their WebExtensions API is considered to be in a stable state. They encourage developers looking to develop browser add-ons to begin using this new API. WebExtensions is an API for implementing new browser add-ons/extensions that makes it easier to port to/from other browsers, is compatible with Firefox's Electroloysis, and should be easier to work with than the current APIs. In particular, Google designed portions of the WebExtensions API around Google's Blink extension API.
  • Mozilla a Step Closer to Thunderbird Decision
    The good news is that the folks at Mozilla seem to be determined to find Thunderbird a good home where it will be able to grow and find newfound success. This isn’t surprising. As Surman pointed out in his post, the project is quite popular among those associated with the foundation — but that popularity is also contributing to the problem Mozilla has with keeping the project in-house.