And so now word is circulating of a dangerous exploit for Windows Vista. A kernel-level driver attack? A buffer-overrun issue?
Nope -- it's apparently a way to exploit Vista's Speech Control system (which, by the way, is disabled by default) by tricking the user into going to a website that plays soundfiles crafted to trigger commands. This is of course assuming that the speech-recognition system even recognizes the commands as spoken by a voice it's not been trained on in the first place.
Somehow I'm not sure this falls into the same category as stack-smashing.
Leave a comment