Finjan Identifies Important Vulnerability in Windows Vista’s Contact Gadget

Finjan Inc., a leader in secure web gateway products, announced that a new Windows Vista security update, released by Microsoft as part of its monthly security updates, resulted from security research by Finjan’s Malicious Code Research Center (MCRC).

The discovery of the vulnerability by the MCRC and Finjan’s prompt action to alert Microsoft reflect the commitment of the two companies to work together to counter the security threats that malicious hacker attacks pose to PC and Internet users.

The vulnerability in Windows Vista’s Contact gadget could lead to remote code execution on the Vista platform. An attacker could exploit it with only minimal user interaction with the Contact gadget, which is available in Windows Vista.

Finjan has made a short video showing the exploit in action, available on its web site. Finjan recently presented findings related to the entire field of Widgets and Gadgets, and the implications for vendors using them, at the DefCon event held in Las Vegas at the beginning of August.

Finjan provided Microsoft with full technical details of this vulnerability, including a proof of concept, and worked with Microsoft until a fix was ready to be released to customers.

“This discovery is the latest example of the close cooperation between our Malicious Code Research Center and Microsoft with the goal of securing users from potential malicious attacks,” said Finjan CTO Yuval Ben-Itzhak. “Security is an industry problem and this type of collaboration and cooperation is critical to helping protect people using the Internet.”