A buffer overflow vulnerability has been found in Microsoft Windows way of handling JPEG images. By using a specially crafted JPEG file, a remote attacker can execute arbitrary code. This can be done by opening website's, email's or attachments. For more info read US-CERT note, or visit Microcoft Website for the update.

Another vulnerability in Mozilla, Firefox and Thunderbird for the Microsoft Windows platform. Mozilla handles URI's with "shell:" and will invoke external programs for certain file types. An remote attacker can use this vulnerability to execute malicious programs. Visit Mozilla website for updates or use the following steps to disable the shell: protocol handler.

1. Open the browser, type about:config into the location bar, and hit enter.
2. Right click on any value inside the window and select New -> Boolean.
3. A dialog box titled "New boolean value" should appear. Enter " network.protocol-handler.external.shell " (without the quotation marks) and hit enter.
4. A dialog box titled "Enter boolean value" should appear. Enter " false " into this box and hit enter.
Post a comment
Please login for posting a comment on this news item.