vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Community Lounge (https://vborg.vbsupport.ru/forumdisplay.php?f=13)
-   -   XP Shell Vulnerability Threatens Systems. (https://vborg.vbsupport.ru/showthread.php?t=85727)

Brad 12-19-2002 07:23 PM
XP Shell Vulnerability Threatens Systems.
 
Hate to do a copy/paste but im patching and things are slow.

Quote:
A security vulnerability in the Windows XP shell could compromise user systems, letting attackers take over machines and run malicious code. The vulnerability affects all XP versions--XP Home Edition, XP Professional Edition (including the 64-bit version), XP Media Center Edition, and XP Tablet PC Edition--and takes advantage of an XP feature that lets the system extract information from audio files in MP3 and Windows Media Audio (WMA) formats.
"An unchecked buffer exists in one of the functions used by the Windows Shell to extract custom attribute information from audio files," a Microsoft security bulletin that describes the vulnerability reads. "A security vulnerability results because it is possible for a malicious user to mount a buffer overrun attack and attempt to exploit this flaw."

An attacker could use the vulnerability to create a bogus or compromised audio file that contains executable code that's accessible through the file's metadata information. A user can trigger the code by retrieving the file from a file-sharing service, through email, or from some other online location, then holding the cursor over the file in the Windows Explorer shell. Malicious code in the file could crash the shell or unleash an attack that creates, modifies, or deletes data; reconfigures the system; or reformats the hard disk. Although security researchers originally viewed this problem as a Windows Media Player (WMP) vulnerability, Microsoft says the vulnerability is in the XP shell, not in the player.

XP users who have enabled Auto Update are already protected against this vulnerability. Other XP users can download a fix from Windows Update.
Read more

Cypher720 12-19-2002 07:32 PM
well....just downloaded the latest updates 30 mins ago! looks like im ahead fo the game:)

filburt1 12-19-2002 07:37 PM
[high]* filburt1 is happy he put Windows 2000 on instead of XP after formatting and that his iBook suffers from virtually no virus threats or security holes :D[/high]

Brad 12-19-2002 07:40 PM
Mac OS is lessed used so naturally your not ganna have as many bugs found :p.

assassingod 12-19-2002 07:57 PM
Windows 2000 has more secruity holes than Courtney Love's Personalitly.

filburt1 12-19-2002 08:23 PM
Quote:
Originally posted by Anime-loo
Mac OS is lessed used so naturally your not ganna have as many bugs found :p.
OS X is Unix. Bow down!

Brad 12-19-2002 10:17 PM
Its not pure unix, and it begin unix in no way means it has more or less bugs then windows. Im no M$ fan myself, and the point of Mac OX X begin unix in no way effects that fact that it is less common. Thus less bugs will be found. Fact is that if more people used a Mac, there would be more bugs found.


All times are GMT. The time now is 03:12 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01658 seconds
  • Memory Usage 1,725KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (7)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete