Skip to content
View in the app

A better way to browse. Learn more.

The Armory

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

font alert!

Featured Replies

Windows Flaw Makes Surfing Riskier

 

Also: Hackers may use Outlook e-mail messages to take over your computer.

 

Stuart J. Johnston

 

From the April 2006 issue of PC World magazine

 

Posted Thursday, February 16, 2006

 

« Previous Page 1 2 Next »

 

Attackers have been using increasingly novel means to break into Windows systems--for example, using doctored media files like music, Web graphics, and video. Now joining that roster of dirty tricks are booby-trapped text fonts embedded in Web pages.

 

The bug sleuths at eEye Digital Security found a way to breach Windows' security by exploiting a flaw in how the OS displays text on Web sites. Web designers often use embedded fonts to guarantee that the text on a page will look the same in every browser.

 

All a cyberthug has to do is create a corrupted font on a Web site and wait for unsuspecting visitors. When you view the affected font in Internet Explorer--or in any application that uses Windows to show the fonts in question--the doctored text triggers a buffer overflow, disabling your PC's security and allowing the thug to then take control of your computer. Reading or even just previewing an affected HTML e-mail message in Outlook or Outlook Express can launch the attack too.

 

This flaw affects all versions of Windows, from Windows 98 through XP Service Pack 2, which means the majority of people online are potentially at risk. Microsoft has distributed the patch via Windows Update. You can also get it here.

 

The discovery follows a recent rash of attacks that exploited holes in the way Windows displays certain types of images embedded in Web pages. Smart crackers figured out how to use what are called Windows Metafile (WMF) images to disable a PC's security. (For details, see last month's column.)

 

More than ever, it pays to be careful what you click. These new vulnerabilities are especially troubling because you can compromise your system just by looking at a poisoned e-mail message or Web page.

 

Block Outlook Hole

 

A separate vulnerability affecting Outlook 2000, XP, or 2003 users may give a hacker control of your machine as well. Again, you simply have to open or preview a doctored e-mail to be compromised. Outlook's mishandling of a file format called Transport Neutral Encapsulation, or TNEF, is to blame. The problem is "critical" in Microsoft's eyes because the application uses TNEF when it sends or receives e-mail in the commonly used Rich Text Format.

 

As before, you can run Windows Update to get this patch; you can also download it here.

 

In Brief

 

Winamp Danger: If you open a specially crafted playlist (from a link on a malicious Web site, for example) with version 5.12 of Winamp, you'll end up with a buffer overflow error that could let the bad guys take over your PC. To get the fix, you need to upgrade to version 5.13 or later (go here).

 

Microsoft Small Biz Accounting Glitch: If Microsoft Office Small Business Accounting 2006 gives a nondescript error and crashes every time you start it, reinstall the program's Service Pack 1. Find out more from Microsoft here.

found this at pcworld

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.