A new zero day vulnerability has been detected that might potentially enable hackers to target PCs running all versions of Microsoft Windows, comprising the long-awaited security enhanced Vista. Redmond-based Microsoft has acknowledged that the vulnerability encroaches Vista on its Microsoft Security Response Center Blog. The vulnerability, spotted by a Russian hacker identified simply as NULL, was put across to Microsoft on December 16.
The vulnerability can be exploited via the Windows MessageBox () function and may bring about a memory corruption in the kernel, which results into system crash or hang, as revealed by the Full Disclosure security mailing list. The browser vulnerability is generally troubling because it possibly means that Web users might become infected with malicious software just by making a visit to a booby-trapped site, which would allow a hacker to corrupt rogue software into the Vista-based computer
