Courses/CS 461/Museum of unintended consequences/Most security holes

From CSWiki

Jump to: navigation, search

Most computer security holes are paradigmatic examples of unintended consequences. The problem is that the security hole results from a mechanism that was (in most cases) deliberately included in a system. Its malicious potential was not understood when it was created.

A recent example is the apparent problem that can be caused by WMF files (Windows Metafiles), which are used to add graphics to web pages. Apparently they allow remote code to execute with high privileges. It seems amazingly stupid for Microsoft to have done this. But it appears that simply opening a web site with one of these WMF elements is enough to allow the remote code to execute. See SecurityFocus for a discussion.
Microsoft Windows WMF graphics rendering engine is affected by a remote code execution vulnerability. The problem presents itself when a user views a malicious WMF formatted file, triggering the vulnerability when the engine attempts to parse the file.
From ZDNet.
Retrieved from "http://cs.calstatela.edu/wiki/index.php/Courses/CS_461/Museum_of_unintended_consequences/Most_security_holes"
Personal tools