When I have a little more time, I’m going to have to try this: there’s an interesting remote exploit for Windows Vista if the user has a microphone, decent speakers and speech recognition activated. The trick is to con the user into allowing the machine to play a sound file of spoken commands, such as telling the computer to shut down or erase all files in the Documents folder and then empty the Recycling bin.
This exploit isn’t likely to affect many people, as it requires a very specific set of circumstances. As for conning the user into playing a sound file, it’s easier than you think. Many people leave their browsers open to a web page while they run off to do other things. It’s possible to construct a page that waits for a specified period of time — perhaps a half-hour, to ensure that it’s likely that the computer is unattended — and then have it play the malicious command after the waiting period has elapsed.
This isn’t a new trick, either: I got my first Mac — a Quadra 660AV, which had out-of-the-box speech recognition capability — to play back recording of me giving it commands. If you’ve seen Sneakers, you might remember the “My voice is my passport” bit. Any of you who’ve read Douglas Hofstadter’s Godel, Escher, Bach: An Eternal Golden Braid might be reminded of how he demonstrated a computer science concept called the Halting Problem through the “This record is unplayable on record player X” story.
Links: