Servers could then reply with overly-long DNS names, causing a buffer overflow in the victims software.
That would in turn let hackers execute code remotely and possibly take over a machine.
The bug is new and has been around since May 2008.
In other words, it could ages for the fix to be applied broadly.
Surprisingly the bug doesnt affect Android devices.
Kaminsky calls a solid critical vulnerability by any normal standard.
Now, the only question is whether things will get much worse.
source: www.techworm.net
