Researchers show odd ways to attack Vista, odd way to publicize risk in Word |
 |
By Staff
01 Feb 2007 | SearchSecurityChannel.com |
|
|
Windows Vista has only been shipping a couple of days, but there's already a bizarre security flaw making the rounds.
Members of the Dailydave mailing list discussing the voice-command capability in Vista wondered if it could be tricked into running arbitrary code so that an audio file posted on a Web site would actually issue audio commands to a user's machine.
It seems like it would work, under the right, not entirely likely conditions. A user would have to have voice command activated -- and allow an attacker's audio file to play unencumbered -- giving commands to the machine on which the victim was currently working.
Members of the discussion didn't believe the technique could bypass Vista's Account Control.
The original version of this story appeared on TechTarget.com sister site SearchSecurity.com.
Window on a bad Word
Security researchers aren't always as careful as you'd expect them to be.
On Wednesday, Symantec Corp. posted a video on YouTube.com showing videos of their researchers exploiting new zero-day vulnerabilities .
The video shows researchers running a hostile executable on a target machine. Evidence that it works is the flicker of a Microsoft Word screen as a user launches it. The code executes, closes Word, then restarts it.
The researchers called the stunt a novel way to get the word out about a vulnerability.
The original version of this story appeared on TechTarget.com sister site SearchSecurity.com.
|
