Unpatched Windows systems face more security dangers after it has been discovered that new exploits are possible via malicious Web pages and e-mail messages.
The first of the problems relates to Windows and image handling. Symantec Corp. said Friday that the Microsoft Windows LoadImage API Function Integer Overflow Vulnerability could be exploited via browsers or e-mail client software, where users who open an HTML message or Web page bearing an affected image could face security risks.
Another new vulnerability only requires that users click on a site or message, and is called the Windows Kernel ANI File Parsing Crash and DoS Vulnerability. Its vector, a malicious ANI file, could invoke a DoS (denial of service) attack that could bring down unprotected systems.
A third, high risk vulnerability relates to the interpretation of Windows Help files. Some decoding errors during processing could cause a heap buffer overflow that could then be exploited. This vulnerability affects Windows XP SP2 systems as well as earlier versions.