Vista exploit: Annoying MySpace pages a threat?

It's only been a day since the first Vista patches were released and two days since the operating system was made available to the public. You know what that means: time for a vulnerability. ZDnet's George Ou reports that Vista's Speech Command feature leaves the OS open to malicious attack by--get this--sound files played back from a website that send commands to the OS. "I recorded a sound file that would engage speech command on Vista, then engaged the start button, and then I asked for the command prompt. When I played back the sound file with the speakers turned up loud, it actually engaged the speech command system and fired up the start menu," Ou wrote. "I had to try a few more times to get the audio recording quality high enough to get the exact commands I wanted but the shocking thing is that it worked! Anyone that's ever visited MySpace knows how many annoying webpages out there that will start blasting loud MP3 music as soon as they enter the page." The obvious workaround here is to disable Speech Command on user's machines. It remains to be seen, however, whether annoying MP3s of Panic! At the Disco can induce a kernel panic.

For more on the strange exploit:
- see Ou's blog entry at ZDnet

Related Article:
December Vista sales strong. Report