The TIFF of Doom!

Subject: General Tech | November 6, 2013 - 04:08 PM |
Tagged: security, Malware, TIFF, windows

A newly discovered flaw in the handling of TIFF image files effects machines running Windows Vista or Server 2008 as well as Office 2003 to 2010 and Microsoft Lync products on WinXP and Win7 with Windows 8 being the only one that does not contain this vulnerability.  According to The Register attack code is launched when the image is display with tricks the "OS into copying malicious code stashed in the file into memory and then hijacking the processor to execute it."

View Full Size

"The software giant said the flaw allows attackers to remotely execute code and install malware on a vulnerable system by sending an email or instant message or convincing a user to open a specially crafted webpage."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register
November 6, 2013 | 07:07 PM - Posted by Anonymous (not verified)

A good reason to make your normal user account on your home computer just a JoeBlow account and not a member of Administrators Group

November 6, 2013 | 08:12 PM - Posted by Anonymous (not verified)

Yes, but windows 8 has the TIFKAM vulnerability, with added adware and usless phone type apps, and other vulnerabilities to ruin your mouse based/desktop gaming experience!

November 7, 2013 | 12:37 AM - Posted by Whaaat (not verified)

Re. Non administrators, makes zero difference with this flaw. most non-administrator accounts are a crock to exploits. you can install Chrome without being admin as it will installs to localappdata in your user profile. Cryptolocker can be installed if your not an admin.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.