On Wednesday 28 December 2005 19:16, Nick FitzGerald wrote: > The fact it was used for installing spyware (and may have been so for > near on two weeks now) simply shows you where the money is these days.
Its a sad state of affairs when $19.95 crapware scams make more money than cleaning out a few bank/egold/epoker accounts. Since WMF/EMF is basically raw access to the GDI API, expect to see quite a few of these bugs. For the curious: - http://msdn.microsoft.com/library/en-us/gdi/metafile_250z.asp For anyone using the Metasploit module (aka crappy wrapper around the original file), keep in mind that for the exploit to work, you need to request a path from the attacking system path ending in .wmf (or .tiff, or .emf, or ...). The exploit has been tested against non-english versions of Windows as well (Polish, Spanish, a few others) and works just fine as long as DEP is turned off. -HD _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
