Summary: New exploit takes advantage of Microsoft DRM (remotely-exploitable vulnerabilities), Engadget reviles DRM

Exploit-db.com has this new entry titled "Microsoft DRM Technology (msnetobj.dll) ActiveX Multiple Remote Vulnerabilities"

"Sort of what the FSF was saying back in the day MS released Vista with its flood of DRM embedded in it," remarked Chips B. Malroy on it. Here is what boingboing.net had to say about it:

Microsoft's DRM makes your computer vulnerable to attack

The msnetobj.dll library is an ActiveX control used by Microsoft's DRM; it is intended to prevent the owner of a computer from saving or viewing certain files except under limited circumstances, and to prevent the computer's owner from disabling it or interfering with it.

"DRM Library From Microsoft Opens Your Computer to Attacks," said IDG a few days later, citing boingboing.net.

"The msnetobj.dll library, an ActiveX Network Object, is no exception: according to BoingBoing, msnetobj.dll “is intended to prevent the owner of a computer from saving or viewing certain files except under limited circumstances, and to prevent the computer's owner from disabling” the library.

"Aside from mandating what sort of files you can and can’t open on your computer, msnetobj.dll is susceptible to three different types of attacks: denial of service, buffer overflow, and integer overflow. Exploit Database notes that “this issue is triggered when an attacker convinces a victim user to visit a malicious website” and that a hacker could then exploit these holes to run malicious code on your system."

An Engadget editor goes against DRM (very publicly in fact) some time during the weekend. Who can possibly blame him?

It's been said so many times, but I just got stung hard by the DRM bug, and since there's a "Senior Associate Editor" next to my name somewhere I get to complain about it. Now, if you're a regular consumer with a modicum of common sense, nothing I'm going to say here will come as a surprise or revelation. You're welcome to come along for the ride, but I'm pointing my quivering pen today at the media execs and their willing technologist accomplices that have the nerve in 2010 to enforce HDCP and other completely inane DRM and copy protection schemes to "protect" their content from theft...

The genesis of DRM and its conception was partly rooted in Bill Gates about a decade ago. It wasn't until Vista that they made it part of Windows (Vista 7 has that too). ⬆

“[Vista DRM] seems a bit like breaking the legs of Olympic athletes and then rating them based on how fast they can hobble on crutches.“

--Peter Gutmann