Language Selection

English French German Italian Portuguese Spanish

More problems for Windows, Internet Explorer users

Filed under
Security

Exploit code targeting a security hole Microsoft warned of in last week's patch release is in the wild, the Bethesda, Md.-based SANS Internet Storm Center (ISC) said Friday.

"We've received reports that the color management module ICC profile buffer overflow vulnerability has exploit code available and is being used out in the wild," ISC said on its Web site. "[To] mitigate this vulnerability, apply the appropriate patch. It appears that this version of the exploit code will only crash the browser, but it wouldn't be difficult to put in code for execution."

The French Security Incident Response Team (FrSIRT) has also put out an advisory on the exploit code.

Microsoft issued a bulletin for the vulnerability during its July patch release. The software giant said the problem is in how the color management module validates International Color Consortium [ICC] profile format tags. "Attackers could exploit this by constructing a malicious image file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message," Microsoft said. "An attacker who successfully exploited this vulnerability could take complete control of an affected system."

The flaw affects Windows 2000 SP4, Windows XP SP1 and SP2; Windows XP Professional x64 Edition; Windows Server 2003; Windows Server 2003 SP1; Windows Server 2003 for itanium-based systems; Windows Server 2003 with SP1 for itanium-based systems; Windows Server 2003 x64 Edition; Windows 98; Windows 98 Second Edition [SE] and Millennium Edition [ME].

Source.

More in Tux Machines

World’s smallest i.MX6 module has onboard WiFi, eMMC

Variscite unveiled a 50 x 20mm “DART-MX6″ module that runs Linux or Android on the Freescale i.MX6, with up to 64GB eMMC flash and -40 to 85°C support. Variscite’s claim that the 50 x 20mm DART-MX6 is the world’s smallest computer-on-module based on Freescale’s i.MX6 system-on-chip appears to be a valid one. It beats the smallest ones we’ve seen to date: TechNexion’s 40 x 36mm PICO-IMX6, and Solid-Run’s 47 x 30mm microSOM i4. It’s also just a hair larger than Variscite’s own 52 x 17mm DART-4460, which is based on a dual-core TI OMAP4460 SoC, and Gumstix’s slightly larger 58 x 17mm Overo modules, which use TI Sitara AM37xx SoCs. Read more

BQ Aquaris E4.5 Ubuntu Edition review

The BQ Aquaris e4.5 Ubuntu Edition is not the debut Canonical must have envisaged for Ubuntu Phone, in the early days of the platform’s development. It’s a perfectly functional smartphone for the most part, and we like the concept of scopes, but the hardware is humdrum, performance is sluggish, and the software running on it is rough and ready, and full of holes. We’ll be tracking the progress of Ubuntu Phone with interest – it surely must get better than this – but this first device is one to write off to experience. Read more