News Stay informed about the latest enterprise technology news and product updates.

Researchers show odd ways to attack Vista, odd way to publicize risk in Word

Voice control poses risk to Vista users, if they're really, really incautious; Symantec takes to YouTube to publicize zero-day flaw.

Windows Vista has only been shipping a couple of days, but there's already a bizarre security flaw making the rounds.

Members of the Dailydave mailing list discussing the voice-command capability in Vista wondered if it could be tricked into running arbitrary code so that an audio file posted on a Web site would actually issue audio commands to a user's machine.

It seems like it would work, under the right, not entirely likely conditions. A user would have to have voice command activated -- and allow an attacker's audio file to play unencumbered -- giving commands to the machine on which the victim was currently working.

Members of the discussion didn't believe the technique could bypass Vista's Account Control.

The original version of this story appeared on sister site

Window on a bad Word

Security researchers aren't always as careful as you'd expect them to be.

On Wednesday, Symantec Corp. posted a video on showing videos of their researchers exploiting new zero-day vulnerabilities .

The video shows researchers running a hostile executable on a target machine. Evidence that it works is the flicker of a Microsoft Word screen as a user launches it. The code executes, closes Word, then restarts it.

The researchers called the stunt a novel way to get the word out about a vulnerability.

The original version of this story appeared on sister site

Dig Deeper on Managed network services technology

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.