Microsoft Graphics Component Could Allow Remote Code Execution
07 November 2013
Remote exploitation of a memory corruption vulnerability in multiple Microsoft products could allow attackers to execute arbitrary code on the targeted host. The issue occurs with how the TIFF codec in Microsoft's graphics component handles crafted TIFF files. Processing crafted TIFF files can corrupt system memory and create an exploitable condition.
CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Apart from being a way for dissidents and journalists to do their business without being spotted and identified by "the powers that be", the Dark Web is also a place where criminals sell and buy illegal wares and services and, apparently, where they also get robbed by scammers.
Brian Honan, CEO at BH Consulting, talks about a recent vulnerability disclosure trend – a trend that he believes may ultimately cause more harm than good: security vendors using vulnerability disclosure as a marketing tool with the goal of enhancing their company’s bottom line.
Attacks on the IoT can sound like the stuff of a movie thriller, but they are very real. The highly skilled and organized cybercriminals of today have the potential to tamper with a car’s firmware to kill its brakes.