Jump to content
Posted 17 October 2014 - 12:52 AM
Posted 19 October 2014 - 09:38 PM
Remote code means what it says. The application can be exploited and run code from a remote source. The extent of the remote code vulnerability will vary by vulnerability. Some may only need the device connected to a public IP address, some may need something more.
This was the best I could find, in a quick search, about the Windows gadget vulnerability. Basically "Microsoft has said that it has discovered that some Vista and Win7 gadgets don’t adhere to secure coding practices and should be regarded as causing risk to the systems on which they’re run." So it isn't gadgets in particular, just that a "bad" gadget could be created and there isn't a lot in place in the gadget portion of Windows that protects you against it.
Posted 23 October 2014 - 12:45 AM
Thanks for the reply it helped me understand it a little better.
Posted 24 October 2014 - 03:27 PM
Can the gadgets still be exploited if you do not visit any malicious websites or install any malware executables?
And if they still can,then how?
It depends on what the gadget does and if it contains bugs that are exploitable.
For example, if the gadget reads your e-mail AND is vulnerable to an exploit in the e-mail, then yes, it is possible, in theory.
But that doesn't mean it is likely.
It all depends on the gadgets.
SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.
Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
0 members, 0 guests, 0 anonymous users