A paper has just been released on the Windows Vista's gadget API. The
abstract is as follows:
Windows has had the ability to embed HTML into it’s user interface
for many
years. Right back to and including Windows NT 4.0, it has been
possible to
embed HTML into the task bar, but the OS has always maintained a
sandbox,
from which the HTML has been unable to escape. All this changes
with Windows
Vista. This paper seeks to inform system administrators, users and the
wider community on both potential attack vectors using gadgets and the
mitigations provided by Windows Vista.
The full paper can be found at http://www.portcullis-security.com/
165.php.