George Ou writes:
Voice command is autoloaded if you calibrate the system and enable Voice commands. You can actually activate voice command mode by saying a certain phrase. If this exploit works, you could say that phrase first and then start your commands. Then you'd say "start", "cmd", "enter", then bark out the commands you want. This assumes it works and that no one near the PC gets suspicious.
"Vista Speech Command exposes remote exploit" | ZDNet (3 Feb 2007)
"Microsoft confirms Vista Speech Recognition remote execution flaw" | ZDNet (3 Feb 2007)
Dan Geer offers a bounty...
I can see it now; all you need is one 0wned host every few feet and you can bark commands to all the others within earshot. First thing you tell them is to join in the sing-along. It would make a great movie scene -- with maybe Richard Clarke looking over his shoulder down a corridor in the Pentagon and saying "Do you hear that?" as a crescendo of "halt-and-catch-fire" rises in the in the distance...
Here's $500 for the first documented case of someone using the white courtesy phone in an airport to page Mr Shootdown, Reese Sett, Sleep Now, or whatever and blanking all the laptops in a concourse. An extra $500 if it's DC National...
Undoubtedly this would make a great scene in parody of a Robert Ludlum movie with Matt Damon and Denzel Washington running through an airport to catch a Lex-Luther type bad guy who looks a lot like Casino Royale's le Chiffre (Mads Mikkelsen).
Comments