New bug crashes XP, 2000

SHauKeeN GaBRu

Chardi Kala
<table border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" valign="top"><a href=""><arttitle>New bug crashes XP, 2000</arttitle>

[ FRIDAY, MARCH 09, 2007 02:51:38 PM]</td> </tr><script language="javascript">var msid=1740773 var mstatus = false; var sUser, cookiestring; function getCookievalue(strcookie) { var ipos = cookiestring.indexOf(strcookie); var ipos2 = cookiestring.indexOf(';',ipos); if (ipos != -1) { if (ipos2 == -1) ipos2 = cookiestring.length; return unescape(cookiestring.substring((ipos+strcookie.length+1),ipos2));} } try { document.domain=''; cookiestring= document.cookie; cookiestring = cookiestring.toLowerCase(); sUser = getCookievalue('commlogu'); sUserLength = sUser.length; if (getCookievalue('cmssso') =='true') {mstatus=true;} } catch(er) {cookiestring=' '; sUserLength=0;} try { if ((sUserLength > 0) && (mstatus == true) ) {} else { /*document.write('<tr><td valign="top" align="center" bgcolor="#f9eadd">' + 'Surf \'' + 'N' + '\' Earn -' + 'Sign in
' + '
</td></tr>'); */ } } catch(er) {cookiestring=' '; sUserLength=0;}</script><tr> <td align="center" valign="top">
</td> </tr> <tr> <td align="center" valign="top"> <table border="0" cellpadding="0" cellspacing="0" width="100%"> <tbody><tr> <td name="bellyad" id="bellyad" class="text" align="center"> <!-- google_ad_region_start=article --> NEW DELHI: Microsoft has warned of a Windows bug that can crash PCs, requiring users to reboot. All unsaved data would be lost.

The bug, which affects Windows XP and Windows 2000, was first reported two days ago by the security firm Symantec. The flaw is in the OLE32.DLL library file, a required Windows component called during object linking and embedding operations, such as inserting a Microsoft Excel worksheet inside a Word document.

Attackers can exploit the OLE32.DLL vulnerability by creating a malicious Word document, then duping users into downloading the document or opening it when it come in an e-mail attachment. Software that's linked to OLE32.DLL, such as the Windows Explorer file navigator, will crash.

Both Symantec and US-CERT warned that it might be possible for attackers to use the bug to insert their own code on the compromised computer. US-CERT said that though the vulnerability causes memory corruption, it is not clear if this can be leveraged to execute arbitrary code.

Microsoft on its part said that its security team is looking into the bug. "Microsoft is aware of a report of a possible vulnerability and is currently investigating the issue," said a company spokesperson. Both Symantec and US-CERT have recommended users not to open unfamiliar Office documents till Microsoft issues a patch.