Feeds

IE code execution bug can bite older Windows

Surf, press F1, get pwned

Securing Web Applications Made Simple and Scalable

Microsoft's security team is investigating a security vulnerability in older versions of Windows that allows attackers to execute malware on end user machines.

The bug combines scripts based on Microsoft's Visual Basic language with Windows help files for Internet Explorer. It makes it possible for an attacker hosting a malicious website to remotely run arbitrary code by convincing the user to press the computer's F1 key in response to a popup window.

The vulnerability doesn't threaten users of Windows 7, Windows Server 2008, and Windows Vista, Microsoft's Jerry Bryant wrote here, and so far, there are no reports of attacks that exploit the weakness.

The attack was described on Friday by Maurycy Prodeus of iSec Security Research. The vulnerability is the result of the passing a samba share as a helpfile parameter, he said. The researcher also warned there is a stack based buffer overflow in the winhelp32.exe file when parameters are too long.

Microsoft plans to issue guidance once its investigation is completed, Bryant said. ®

Mobile application security vulnerability report

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.