NOTE The Windows Meta File flaw uses images to execute malicious code
on systems. It can be exploited just by a user viewing the image.
Guilfanov??™s release caused a lot of controversy. First, attackers used the information in
the fix to create exploitable code and attacked systems with their exploit (same thing
that happens after a vendor releases a patch). Second, some feel uneasy about trusting
the downloading of third-party fixes compared with the vendors??™ fixes. (Many other
individuals felt safer using Guilfanov??™s code because it was not compiled; thus individuals
could scan the code for any malicious attributes.) And third, this opens a whole new
Evolution of the Process
Many years ago the majority of vulnerabilities were those of a ???zero-day??? style
because there were no fixes released by vendors. It wasn??™t uncommon for vendors to
avoid talking about, or even dealing with, the security defects in their products that
allowed these attacks to occur. The information about these vulnerabilities primarily
stayed in the realm of those that were conducting the attacks. A shift occurred in
the mid-???90s, and it became more common to discuss security bugs. This practice
continued to become more widespread.
Pages:
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150