Researchers show odd ways to attack Vista, odd way to publicize risk in Word

Voice control poses risk to Vista users, if they're really, really incautious; Symantec takes to YouTube to publicize zero-day flaw.


Windows Vista has only been shipping a couple of days, but there's already a bizarre security flaw making the rounds.

Members of the Dailydave mailing list discussing the voice-command capability in Vista wondered if it could be tricked into running arbitrary code so that an audio file posted on a Web site would actually issue audio commands to a user's machine.

It seems like it would work, but only under the right, not entirely likely conditions. A user would have to have voice command activated and allow an attacker's audio file to play unencumbered, so that it gives commands to the machine on which the victim is currently working.

Members of the discussion didn't believe the technique could bypass Vista's Account Control.

The original version of this story appeared on TechTarget.com sister site SearchSecurity.com.

Window on a bad Word

Security researchers aren't always as careful as you'd expect them to be.

On Wednesday, Symantec Corp. posted a video on YouTube.com showing its researchers exploiting new zero-day vulnerabilities.

The video shows researchers running a hostile executable on a target machine. Evidence that it works is the flicker of a Microsoft Word screen as a user launches it. The code executes, closes Word, then restarts it.

The researchers called the stunt a novel way to get the word out about a vulnerability.

The original version of this story appeared on TechTarget.com sister site SearchSecurity.com.
