A paper has just been released on the Windows Vista's gadget API. The abstract is as follows:
Windows has had the ability to embed HTML into it’s user interface for many years. Right back to and including Windows NT 4.0, it has been possible to embed HTML into the task bar, but the OS has always maintained a sandbox, from which the HTML has been unable to escape. All this changes with Windows Vista. This paper seeks to inform system administrators, users and the wider community on both potential attack vectors using gadgets and the mitigations provided by Windows Vista. The full paper can be found at http://www.portcullis-security.com/165.php. Cheers, Tim -- Tim Brown <mailto:[EMAIL PROTECTED]>
