This is probably due to M$ thumbnail generation. You can disable that
and see if it fixes the problem...
[EMAIL PROTECTED] wrote:
I've tested the exploit on XP home and I've found that it does not even need a
single click on my machine. Once the folder containing the file is open (this
was
On Tue, 3 Jan 2006, Sam Munro wrote:
I haven't seen this mentioned yet so I thought I would give you guys a
heads-up a very good patch has been written by Ilfak
Guilfanovhttp://www.hexblog.com/2005/12/wmf_vuln.html as
a tempory solution until ms get their act together.
Can be downloaded
other client apps. Email me at this address if you want me to send it
out to anyone.
Thanks!
-Original Message-
From: Bill Busby [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 29, 2005 1:35 PM
To: Hayes, Bill; [EMAIL PROTECTED]
Cc: bugtraq@securityfocus.com
Subject: RE: WMF Exploit
Apologies if you've already read this, but this is interesting news:
Apparently shimgvw.dll isn't the problem; according to the Kaspersky
Lab blog, gdi32.dll is.
From http://www.viruslist.com/en/weblog?discuss=176892530return=1
(which talks about an IM worm that uses this):
Going back to the
I've tested the exploit on XP home and I've found that it does not even need a
single click on my machine. Once the folder containing the file is open (this
was in list view) the exploit will run.
Scary sh*t!
On Fri, 2005-12-30 at 15:40 -0500, Paul Laudanski wrote:
alert tcp $EXTERNAL_NET any - $HOME_NET any (msg:BLEEDING-EDGE EXPLOIT
WMF Escape Record Exploit; flow:established,from_server; content:01 00
09 00 00 03; depth:500; content:00 00; distance:10; within:12;
content:26 06 09 00;
, December 30, 2005 3:41 PM
To: Bill Busby
Cc: Hayes, Bill; [EMAIL PROTECTED]; bugtraq@securityfocus.com
Subject: Re: WMF Exploit
On Thu, 29 Dec 2005, Bill Busby wrote:
It is not only *.wmf extensions it is all files that
have windows metafile headers that will open with the
Windows Picture and Fax
-Original Message-
From: Hayes, Bill [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 28, 2005 6:02 PM
To: [EMAIL PROTECTED]
Cc: bugtraq@securityfocus.com
Subject: RE: WMF Exploit
CERT now has posted Vulnerability Note VU#181038, Microsoft
Windows may be vulnerable
It is not only *.wmf extensions it is all files that
have windows metafile headers that will open with the
Windows Picture and Fax Viewer. Any file that has the
header of a windows metafile can trigger this exploit.
--- Hayes, Bill [EMAIL PROTECTED] wrote:
CERT now has posted Vulnerability
On Thu, 29 Dec 2005, Bill Busby wrote:
It is not only *.wmf extensions it is all files that
have windows metafile headers that will open with the
Windows Picture and Fax Viewer. Any file that has the
header of a windows metafile can trigger this exploit.
Sunbelt Kerio and Bleeding Snort
CERT now has posted Vulnerability Note VU#181038, Microsoft Windows may
be vulnerable to buffer overflow via specially crafted WMF file
(http://www.kb.cert.org/vuls/id/181038). The note provides additional
details about the exploit and its effects. Very few workarounds have
been proposed other
11 matches
Mail list logo