WMF 0-day exploit
There seems to be a 0-day exploit involving WMF (Windows Meta File’s) according to SANS. Here’s their lead-in
Just when we thought that this will be another slow day, a link to a working unpatched exploit in, what looks like Windows Graphics Rendering Engine, has been posted to Bugtraq.
It’s important to realize that ANY link or file that originates from somewhere other than your pc should be considered as a possible route for “bad things” to get into your pc. Image file, document, etc. It doesn’t have to be a program file to be “dangerous” it can simply exploit a vulnerability… in this case it’s a vulnerability with Graphics rendering in Windows that’s previously not been documented. According to SANS it can install a trojan dropper on a fully patched Win XP SP2 machine. The dropper then installs Winhound which is one of the “wolves in sheeps clothing” and will urge you to pay to clean up the infection that it will undoubtedly find.
This appears to affect both Internet Explorer/Firefox – as Explorer automatically opens Windows Picture and fax viewer, Firefox asks if it should open Windows Picture and fax viewer (saying yes and opening in Windows picture and fax viewer triggers the exploit.) It’s possible that DEP (Data Execution Prevention) could prevent the exploit from working. It is unclear if software DEP does, or if only hardware DEP prevents this. Again, any file not originating in the local pc (link’s to files included) should be considered as potentially dangerous… (recall the story of the trojan horse…) Be cautious.
Popularity: 1% [?]
Related Posts - Microsoft was aware of the WMF vulnerability "for years" Bugtraq has an interesting post which picks up on a note in Stephen Toulouse's latest entry on the WMF vulnerability. When I first read the post I was more interested in the way he was responding to allegations of the flaw being an intentional backdoor, but the above bugtraq post......
- NEW exploit for the WMF vulnerability Just when you thought we had a good understanding of the recent zero-day WMF (Windows metafile exploit) it's worse. Sans is reporting on a new variation on the exploit released today. They have gone to yellow (again) to warn people. Here are some details. This exploit was "made by the......
- Windows 98 and the WMF exploit I've seen breathless headlines that say "Windows PCs face 'huge' virus threat; Affects every MICROSOFT OS shipped since 1990..." and really would like to try to clarify (again) what the situation is. Yes, the bug or vulnerability that's currently being exploited exists as far back as Windows 3.0, but as......
Related Websites - Trojan Horse Protection - Antivirus Trojan Software In today’s online environment it’s important to know what risks lie ahead at each click. This paper will describe so of the malicious kinds of attacks your Home/Office PC may encounter online. Now I’m sure we have all heard of Viruses online and some of you have heard of Trojans.......
- Synchronize config files between computers Hi all, Today, a small hint for Linux users having DropBox running on their computer. I guess everyone knows what DropBox is. . . If not, feel free to have a look there (and win 250 more mos for me and you at the same time). In one word, DB allows to have a......
- Snapshot of The Best Registry Cleaner The first question that comes to mind is that why on earth do we need a registry cleaner in the first place? What function does it perform and is it worth buying? Experts would say thumping YES to all the questions. There are many reasons that we need to buy......
Similar Posts
- WMF exploit situation summary…
- DoS Exploit for MS-053
- Version 2 of the WMF exploit vs Windows 98 SE
- Update on the WMF exploit – more sites to block
- Exploit for Unpatched Internet Explorer vulnerability