Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Windows DoS vulnerability

Windows DoS vulnerability

by Nikola Strahija on June 2nd, 2006 A new Microsoft Windows flaw allows hackers to DoS systems, the company is looking into it.


According to the Secunia advisory, the latest bug Microsoft has to worry about is less critical: -The vulnerability is caused due to a boundary error in inetcomm.dll within the processing of URLs with the "mhtml:" URI handler. This can be exploited to cause a stack-based buffer overflow via an overly long URL by e.g. tricking a user into visiting a malicious web site with Internet Explorer or opening a specially crafted Internet shortcut, says the advisory.

Windows XP (home and Proffessional) as well as Windows Server 2003 (Web, Standard, Enterprise and Datacenter editions), all fully patched, were confirmed to be vulnerable.

The flaw was discovered by Mr.Niega, who mentioned that execution of arbitrary code may also be possible, but has currently not been proven as it is prevented by the DEP (Data Execution Prevention) mechanism.

Until the patch solves this issue, Secunia advises users to disable the "mhtml:" URI handler, but this could affect the Windows functionality.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »