This is news to me: apparently, you can get viruses and other malware from looking at a picture.
The vulnerabilities relate to how the operating system renders the Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats, Microsoft said Tuesday in its MS05-053 security bulletin. Two of them could allow a remote intruder to gain complete control over a Windows PC, Microsoft warned in the bulletin, the sole one in its monthly patch cycle.
[...]
To exploit the flaws, an attacker could craft a malicious image and trick a Windows user to look at it on a malicious Web site or in an HTML e-mail, for example, according to Microsoft. This type of vulnerability could be a conduit for the installation of spyware, Trojan horses, bots or other harmful programs on an unsuspecting user’s machine.
[...]
Bugs in file format handling are increasingly being uncovered. That’s because image formats are complicated, and applications have to support many image file types, experts said. Microsoft in August warned of a similar flaw, which is related to an error in the way Internet Explorer handles JPEG images.
If the JPEG issue surfaced in August, I’m surprised that there hasn’t yet been a widespread attack. It would be easy to get people to click a picture file link in an IM. (via)
No comments
Comments feed for this article