Trio of Windows flaws opens door to nasties

by admin November 9, 2005 at 9:27 am

Image-handling in the picture…

Three security flaws in the way Windows handles certain graphics files could create an opening for spyware and Trojan horse attacks, Microsoft has warned.

The vulnerabilities relate to how the operating system renders the Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats, Microsoft said on Tuesday in its MS05-053 security bulletin. Two of them could allow a remote intruder to gain complete control over a Windows PC, Redmond warned in the bulletin, the sole one in its monthly patch cycle.

Microsoft has tagged the security bulletin “critical”, its most serious rating. The software maker urges Windows users to install the security update that accompanied the alert as soon as possible to protect against any attacks via the security bugs.

To exploit the flaws, an attacker could craft a malicious image and trick a Windows user to look at it on a malicious website or in an HTML email, for example, according to Microsoft. This type of vulnerability could be a conduit for the installation of spyware, Trojan horses, bots or other harmful programs on an unsuspecting user’s machine.

Full article: