Windows non-LAN, wormable RCE 0-day discovered

[+] buster|9 years ago|reply

I'm curious what "don't need to be on the same LAN" means. If it would be exploitable over internet wouldn't you just write that oder even leave the part about LAN out?

[+] rdtsc|9 years ago|reply

Because other remote vulnerabilities weren't exploitable outside the LAN. So while they are "remote" it's a different class of "remote" so to speak.

[+] Kenji|9 years ago|reply

So little information. We will have to wait until this is patched to know more about it, won't we.

[+] mynewtb|9 years ago|reply

I don't understand the LAN bit, does this mean 'over the internet'?

[+] paulv|9 years ago|reply

Yes. Non-LAN meaning the attacker doesn't have to be inside your home/work local network.

[+] rdtsc|9 years ago|reply

LAN means "Local area network". Imagine all the computers in your house connected to your router for example.

They mentioned it because other vulnerabilities could be classified as remote but still only exploitable on the local network. This one is exploitable from anywhere on the internet apparently. So its impact could be more severe.

[+] unknown|9 years ago|reply

[deleted]

[+] ENTP|9 years ago|reply

A wild stab in the dark: remote code execution using a standard codec/library, easily triggered in the context of an ad.

[+] atroll|9 years ago|reply

does this mean that it can be triggered by a web browser ?

[+] disposablename|9 years ago|reply

Clickbait title? Zero info? Windows is evil! To the front of hacker news we go!

[+] anon1385|9 years ago|reply

Are you suggesting that Tavis Ormandy is making this up?

This is upvoted because of the reputations of the people reporting it and because it sounds very serious. It's nothing to do with any kind of anti-Windows agenda.

[+] unknown|9 years ago|reply

[deleted]

27 comments