Microsoft’s digital rights management system is helping hackers take over computers.
According to Boing Boing, the msnetobj.dll library, an ActiveX Network Object, “is intended to prevent the owner of a computer from saving or viewing certain files except under limited circumstances, and to prevent the computer’s owner from disabling” the library.
However when it is not in the job of telling you what files you can and can’t open on your computer, msnetobj.dll is susceptible to three different types of attacks: denial of service, buffer overflow, and integer overflow.
Basically the problems are caused when an attacker convinces a victim user to visit a malicious website. The hacker could then exploit these holes to run malicious code on your system.
The vulnerability was found by Asheesh Kumar Mani Tripathi who has written some code and revealed details of the method of attack here .
At the heart of the problem is the fact that the “GetLicenseFromURLAsync” function does not handle input correctly.
Remote attackers may exploit this issue to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers.
If the hacker fails in the exploit attempts, the browser crashes and it is good night Vienna.
There has been no word from Microsoft about the problem yet.