RE: WMF round-up, updates and de-mystification

2006-01-04 Thread Krpata, Tyler
It looks like MS has backed off on viewing mail as a possible attack vector. As of today, the advisory (http://www.microsoft.com/technet/security/advisory/912840.mspx) reads: In an E-mail based attack involving the current exploit, customers would have to be persuaded to click on a link within a

WMF exploit

2006-01-04 Thread Andreas Marx
Hi, I like what SANS is saying about the current MS announcement to deliver a patch by Jan 10, 2006, but not earlier: http://isc.sans.org/diary.php This is the interesting part: Although the issue is serious and malicious attacks are being attempted, Microsoft's intelligence sources indicate

Another WMF exploit workaround

2006-01-04 Thread Ivan Arce
For those interested, Core FORCE is a free endpoint security software currently in Beta stage. With it users can configure access control permissions to file system objects independently of the operating system's ACLs and security policy enforcement mechanisms. The default security profiles of

Download Accelerator Plus can be tricked to download malicious file

2006-01-04 Thread visitbipin
Product (ONLY TESTED ON): Download Accelerator Plus 7.4.0.2 (unregistered) Test Environment: Winxp Pro sp2 (patch level latest) Risk Type: Rare exception Threat Level: High Vendor website: www.speedbit.com POC screenshots: http://img482.imageshack.us/img482/4205/31uk.jpg

[eVuln] Lizard Cart CMS SQL Injection Vulnerability

2006-01-04 Thread alex
New eVuln Advisory: Lizard Cart CMS SQL Injection Vulnerability Summary Software: Lizard Cart CMS Software's Web Site: http://sourceforge.net/projects/lizardcart Versions: 1.04 Critical Level: Dangerous Type: SQL Injection Class: Remote Status: Unpatched

Re: WMF Exploit

2006-01-04 Thread Paul Laudanski
On Tue, 3 Jan 2006, Sam Munro wrote: I haven't seen this mentioned yet so I thought I would give you guys a heads-up: a very good patch has been written by Ilfak Guilfanov (http://www.hexblog.com/2005/12/wmf_vuln.html) as a temporary solution until ms get their act together. Can be downloaded

New from the MS Advisory

2006-01-04 Thread Larry Seltzer
*What's Microsoft's response to the availability of third party patches for the WMF vulnerability? Microsoft recommends that customers download and deploy the security update for the WMF vulnerability that we are targeting for release on January 10, 2006. As a general rule, it is a best practice

Re[2]: [funsec] WMF round-up, updates and de-mystification

2006-01-04 Thread Pierre Vandevenne
Good Day, Tuesday, January 3, 2006, 12:59:22 PM, you wrote: GE The patch by Ilfak Guilfanov works, but by disabling a DLL in Windows. PV I wouldn't say it does that. If you really want to simplify it in the LS extreme, it hides the vulnerable function. LS Think of it as a White Hat Rootkit

Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability

2006-01-04 Thread Eloy A. Paris
Cisco Response: This is the Cisco Product Security Incident Response Team (PSIRT)'s response to the statements made by Oleg Tipisov in his message with subject Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability, posted to

MDKSA-2005:239 - Updated printer-filters-utils packages fix local vulnerability

2006-01-04 Thread Mandriva Security Team
Mandriva Linux Security Advisory MDKSA-2005:239 http://www.mandriva.com/security/

RE: WMF Exploit

2006-01-04 Thread Discussion Lists
All, I think I was able to get the SAFER mechanism to block this for IE, and any program covered under it. I know that there are other workarounds, but I have found the SAFER approach has stopped every one of these sorts of attacks. I have a vbscript that activates SAFER for IE, and various

Re: WMF browser-ish exploit vectors

2006-01-04 Thread Nick FitzGerald
Evans, Arian wrote: Due to IE being so content help-happy there are a myriad of IE-friend file types (e.g.-.jpg) that one can simply rename a metafile to for purpose of web exploitation, and IE will pull out the wonderful hey; you're-not-a-jpeg-you're-a-something-else-that-I-can-