An animated cursor can crash Windows

January 8, 2005  1:33 am by Dan, posted in  

This is nuts: simple animated cursor file - not an executable - can crash Windows.

This can be activated by simply going to a website (some websites will load animated cursors specific to their site simply by visiting them) or by having the file in a directory and opening the directory.

How long must Microsoft put up with this sort of attack on their software before they get the idea and make a STABLE operating system!?

Article link here.

End

2 Comments for "An animated cursor can crash Windows"

  1. » Diane Vigil
    01/16/05 @ 3:29 am

    I dunno; you tell me. :-)

    Sorry; I do wish they’d take care of some of these issues, which would mean not driving some of us into the arms of Linux. Thing is, even though those of us who might migrate to a different OS might not be a large percentage, raw numbers might show MS some value here, as well.

  2. » Dan
    01/16/05 @ 1:40 pm

    I wish I could say Microsoft would wake up tomorrow, however, I recall reading that in 1997 a fellow went before a U.S. Congressional Hearing and warned that this type of activity would be shortly occuring - and all I can say at this point (Jan 2005) is: “It’s occuring.”

    As for raw numbers, here are today’s top 10 exploits (16 January, 2005) as found on a website that researches and lists them:
    http://www.k-otik.com/exploits/

    Definition:
    Exploit - a program built to take advantage of a weakness in another program to crash or overtake either the attacked program or the computer the attacked program runs on.

    Numbers 2, 3, 4, 5, 7 and 10 are Microsoft exploits. Number 5 being an add-on utility for Windows 2000.

    Numbers 1 and 8 are Linux exploits.

    The other two are neither Microsoft nor Linux exploits.

    ? 01.13.2005 : Linux kernel i386 SMP race condition Proof of Concept Exploit
    ? 01.12.2005 : Internet Explorer .ANI Stack Overflow Exploit (MS05-002)
    ? 01.11.2005 : Veritas Backup Exec Name Service Remote Universal Exploit
    ? 01.11.2005 : Microsoft WINS Remote Code Execution Exploit (MS04-045)
    ? 01.11.2005 : Microsoft W3Who ISAPI (w3who.dll) Remote Buffer overflow Exploit
    ? 01.11.2005 : Veritas Backup Exec Name Service Remote Overflow Exploit
    ? 01.11.2005 : Windows Improper Token Validation Local Exploit (MS04-044)
    ? 01.07.2005 : Kernel 2.4.x / 2.6.x uselib() Local Privilege Escalation Exploit
    ? 12.31.2004 : Microsoft WINS Remote Code Execution Exploits (MS04-045)
    ? 12.31.2004 : Windows NetDDE Remote Buffer Overflow Exploits (MS04-031)

    Hard numbers for today:
    Operating system Top 10 Exploits
    Microsoft 6
    Linux 2

    How much do you want to bet that even if the Microsoft execs known this data (and they probably do) that it’s still ‘business as usual’?

    There will always be exploits as long as there are criminals - this is a given.

    But for an organization with the resources available to it that Microsoft has, the only thing that can be said is, yes, they do make usable software - the only question being - who is using it while it sits on your computer?

    Cheers,
    Dan

Leave a comment ...

There may be a delay in displaying comments, which are moderated due to spammer abuse. Apologies; I appreciate your participation and your comment will be reviewed as soon as possible. Posters must be 18 or older | Privacy Policy

Manage your subscriptions

Archives
xx