Or how a contact may get too close for comfort… It’s finally here. August 14th, and we are finally in liberty to talk about the vulnerability in the Vista Sidebar Contacts Widget.
As you may or may not know – when we presented “The Inherent Insecurity of Widgets and Gadgets” a few days ago at DefCon, we were unable to show a Vista vulnerable widget (5 out of 6 demos is pretty good though…), and presented a “censored” video as a teaser. The reason was that the security bulletin from Microsoft was only scheduled for the 14th (after several delays starting from an initial update scheduled for April…).
Interestingly enough – the severity as noted in the MS Security Bulletin is only “Important” rather than the critical that remote code execution usually means (maybe because the fix is just a one-liner???).
Either way – it out there, and we are proud to be helpful to the security community by providing alerts so that vendors can fix problems that affect the security on the internet. You can see the full uncensored video that shows how simple it is to get full remote code execution with these things below.