When a program like MS Word is being written there are millions
of lines of computer code being used. The possibility of human
error when writing the code is inevitable, and because there
are no obvious signs of the error in the code the developer
can overlook it.
Earlier this year a hole was found in various Microsoft Operating
systems that allowed an attacker, who had made a graphic file
(WMF) in a certain way, remote control of a user's computer
when they opened the graphic. All a user had to do was to
visit a site that the graphic was being used on and they were
"Windows Metafile exploit from December 2005. Uses
a little-known feature of Windows Metafiles to execute arbitrary
code, including malware. The exploit, a genuine zero-day attack,
was allegedly purchased for $5,000 from a Russian hacking
group. Seven months after Microsoft issued a patch, it’s
still widely used by cybercriminals."
Explabs - Exploit Prevention Labs - August 2006 Exploits
Exploit Prevention Labs keep an eye out for what's happening
with current software holes. According to Explabs in August
2006 a program called Webattacker, which can be bought from
as little as $20, was the most used attacking software.
It is updated regularly to include attacks on newly
found software holes.
Only recently there was a new hole or vulnerability found
in Internet Explorer. Code for attackers was posted on the
Internet. Microsoft have not issued a patch for this hole
and there is currently no known workaround. The new Internet
Explorer problem is related to an ActiveX control (Microsoft
DirectAnimation Path) that's part of the "daxctle.ocx"
COM object. An attacker who successfully exploited the vulnerability
could hijack the computer.
Read more about this problem from Microsoft's
So what can a user do to stop themselves being attacked through
a hole in their programs?
If a user runs in administrator mode they will always have
a chance of being infected by a newly found hole. The attacker
will have the option to install the malware, whereas if the user
were running as a restricted user the attacker could not
install the malware.
Users can also use products like Explabs SocketShield.
This is an excellent piece of software that is updated as
soon as new holes are found. They already provide protection
from the new Internet Explorer hole.
New vulnerabilities command a lot of money from attackers.
People who find a new hole in software can go to hackers and
malware writers and sell the details of the hole for substantial
amounts of money as was seen with the WMF exploit. It goes
without saying that there will be more and more rogue software
engineers looking for software holes because of the monetary
benefits. Maybe if Microsoft paid these guys for finding
holes we could all rest a bit easier when surfing the Internet.
Steo - 16 Sep 2006