A new, potentially critical vulnerability in Microsoft Windows has come to our attention at Websense Security Labs. A specially-crafted Microsoft Office document can cause the GRE (Graphical Rendering Engine) to crash simply by opening a folder containing the file with Windows Explorer, or clicking on a Word or PowerPoint document email attachment. A compromised Web site can contain a link to an online WebDAV folder holding a malicious document which then opens automatically with Explorer when user clicks on the link.
…(read more)
Full story: Security Labs
Related Posts
- IE 0-Day Shows Microsoft Developer Error
After blogging about the new unpatched vulnerability in Internet Explorer I became curious about something: Why wasn't mscorie.dll linked with the /DYNAMICBASE option? This option enables AS... - Two different 0-day exploits in Internet Explorer
Two different new zero-day exploits were published on December 22.
Remote attackers could use these exploits to take complete control of a
vulnerable system. Websense Security Labs is monitor... - Microsoft sees “unprecedented wave” of Java malware exploits
There has been an "unprecedented wave" of exploits against vulnerabilities in Oracle's Java during the third quarter of this year, according to data from the Microsoft Ma... - One Year of Microsoft Security Essentials
It’s been a busy year for Microsoft Security Essentials. As we observed right after the first week of release, Microsoft Security Essentials had already detected threats on over half a million c... - Microsoft Reveals Stuxnet Worm Exploits Multiple Zero Days (PC World)
PC World - Microsoft released nine new security bulletins--four with an overall rating of Critical this week for the September Patch Tuesday. The big news of the month, though, is the Stuxnet worm. Mi... - Microsoft Mitigation Tool Blocks Adobe 0-Day
Coming just in the nick of time, Microsoft has released version 2.0 of their Enhanced Mitigation Experience Toolkit. This tool forces DEP (Data Execution Prevention) and ASLR (Address Space L... - Microsoft Patches Critical 0-Day Shortcut Flaw
Microsoft has issued an "out of band" update to all versions of Windows to fix a critical vulnerability that has been exploited in the wild for over 2 weeks.
MS 10:046: Vulnerability in Win... - Microsoft 0day: Malformed Shortcut Vulnerability
Today Microsoft updated it’s security advisory, which was initially published last Friday (16th), stating that they’re working on issuing a security patch for this hole. Earlier, malware e... - 0-day flaw discovered in Microsoft Windows
The nightmare of infected USB pen drives is back. Until now the source of infections was the Autorun feature embedded in Windows. Now the problem resides in a Windows flaw (or feature?) when handling... - Microsoft: 10,000 PCs hit with new XP 0day attack
Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.
View full post on Network World on Secu...
Posted on 07 January 2011. Tags: 0day, engine, Exploits, Found, Graphical, Microsoft, Rendering, Year
