Windows Vista voice command tricked
An attacker found a way to play audio commands at a user's machine tricking the voice command capability in Vista into running arbitrary code.
It only took security researchers two days to find the first remotely exploitable flaw in Vista. But this one is stretching the definitions of both remote and flaw.
The issue came to light this week on the Dailydave mailing list when a member asked whether the voice command capability in Vista could be tricked into running arbitrary code. The message suggested that an attacker could post an audio file on a Web site and then lure a user into going to the site, at which point the file would play and spew audio commands at the user's machine. The idea was kicked around refined for a day or so on the list until one member was able to make it work .
In order to make the trick work, the user would need to have voice command enabled on his PC and would also need to be somehow caught napping and not interfere during the execution of the commands. The attack is not able to bypass Vista's User Account Control, according to the messages on the list.
