WMF 0-day exploit



There seems to be a 0-day exploit involving WMF (Windows Meta File’s) according to SANS. Here’s their lead-in

Just when we thought that this will be another slow day, a link to a working unpatched exploit in, what looks like Windows Graphics Rendering Engine, has been posted to Bugtraq.


It’s important to realize that ANY link or file that originates from somewhere other than your pc should be considered as a possible route for “bad things” to get into your pc. Image file, document, etc. It doesn’t have to be a program file to be “dangerous” it can simply exploit a vulnerability… in this case it’s a vulnerability with Graphics rendering in Windows that’s previously not been documented. According to SANS it can install a trojan dropper on a fully patched Win XP SP2 machine. The dropper then installs Winhound which is one of the “wolves in sheeps clothing” and will urge you to pay to clean up the infection that it will undoubtedly find.

This appears to affect both Internet Explorer/Firefox – as Explorer automatically opens Windows Picture and fax viewer, Firefox asks if it should open Windows Picture and fax viewer (saying yes and opening in Windows picture and fax viewer triggers the exploit.) It’s possible that DEP (Data Execution Prevention) could prevent the exploit from working. It is unclear if software DEP does, or if only hardware DEP prevents this. Again, any file not originating in the local pc (link’s to files included) should be considered as potentially dangerous… (recall the story of the trojan horse…) Be cautious.

Related Posts

Blog Traffic Exchange Related Posts
  • How to Remove Antivirus System Pro | Antivirus System Pro Removal Guide Last week I had the opportunity to remove Antivirus System Pro from not one, but two machines. Given that I was seeing it a bit more frequently I thought it might be a new rogue antivirus application, but I quickly found out that it's been out at least since June......
  • Update on the Internet Explorer VML vulnerability Just catching up on the days VML vulnerability news from today.... It looks as though... the exploit is now MUCH more widespread this blog has some video of an infection, what's notable is that the first take was VERY UNEVENTFUL, it was used to stealthily install a keylogger. (So that......
  • Firefox 1.5.0.5 out and be cautious with extensions... Well, let's start with the extensions first. Like ANY software, you should be cautious installing something from an untrusted source. If you think an extension looks neat and cool - look for reviews and third party information before installing it. That much said.... never install an extension that comes attached......
Blog Traffic Exchange Related Websites
  • Creating a Blog Video Online About two years ago, blogging hit a surge that allowed its way into the mainstream, and now everybody is blogging for a wide variety of different reasons. Blogs resemble web-based public diaries of sorts, where the creator can record their thoughts, their opinions, questions and answers and essentially anything else......
  • Synchronize config files between computers Hi all, Today, a small hint for Linux users having DropBox running on their computer. I guess everyone knows what DropBox is. . . If not, feel free to have a look there (and win 250 more mos for me and you at the same time). In one word, DB allows to have a......
  • Keep Those Spammers Out With .htaccess File Spammers possess a skill for creating overrides for you to even probably the most guaranteed aspect of the system such as these which are not readily acknowledged as potential locates. The .htaccess file can be used to preserve e-mail harvesters away. That is considered extremely successful since all of these......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site