Microsoft Patches Windows Me Flaw

Microsoft Corp. on Wednesday issued a patch for a new critical vulnerability in Windows Me that gives attackers the ability to execute code on remote machines.

The vulnerability is the result of a buffer overrun in the Help and Support Center in Windows Me. Specifically, the problem lies in the URL handler for the "hcp://" prefix, which is used to execute URL links to the Help and Support Center.

In order to exploit the flaw, an attacker would need to create a URL that would execute the attacker's code when the user clicked on it. The attacker could either host the URL on a Web site or send it to a user in e-mail.

More at eWeek

Create a new thread in the UK News comments forum about this subject
This thread is closed for comments
No comments yet
Comment from the forums
    Your comment