Researchers show odd ways to attack Vista, odd way to publicize risk in Word


Windows Vista has only been shipping a couple of days, but there's already a bizarre security flaw making the rounds.

Members of the Dailydave

    Requires Free Membership to View

mailing list discussing the voice-command capability in Vista wondered if it could be tricked into running arbitrary code so that an audio file posted on a Web site would actually issue audio commands to a user's machine.

It seems like it would work, under the right, not entirely likely conditions. A user would have to have voice command activated -- and allow an attacker's audio file to play unencumbered -- giving commands to the machine on which the victim was currently working.

Members of the discussion didn't believe the technique could bypass Vista's Account Control.

The original version of this story appeared on sister site

Window on a bad Word

Security researchers aren't always as careful as you'd expect them to be.

On Wednesday, Symantec Corp. posted a video on showing videos of their researchers exploiting new zero-day vulnerabilities .

The video shows researchers running a hostile executable on a target machine. Evidence that it works is the flicker of a Microsoft Word screen as a user launches it. The code executes, closes Word, then restarts it.

The researchers called the stunt a novel way to get the word out about a vulnerability.

The original version of this story appeared on sister site

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: