Read more.Remote code execution security vulnerabilities exploitable via specially crafted image files.
Read more.Remote code execution security vulnerabilities exploitable via specially crafted image files.
The Store app that's not installed with Windows server if IRC.Microsoft has chosen to deploy updates to the Windows Codecs Library through the Windows Store app
I find it amusing and amazing how people can find zero days like this using an image file.
That's is the very reason. People just think it's not possible and write insecure code, and then some clever so and so finds it.
Theoretically all data is just information in memory space so an image could contain data that represents CPU instructions and then if there is a vulnerability in the code that reads the image it could lead to a remote code execution. The expectation is of course loading an image file is not dangerous, where loading anything you don't have control over into RAM is potentially dangerous.
I've looked for this update but it's not showing on my domain controlled machine (In fact little from the store is showing as installed). I hope they are rolling it out as a generic patch too.
They are, you can get it by downloading this image file:
http://www.don'tclickmeyou........
There are currently 1 users browsing this thread. (0 members and 1 guests)