Lotus Notes WMF vulnerability



This is really the same zero-day wmf vulnerability, but there is a twist. It’s been found that Lotus Notes v. 6.x and up are vulnerable to the Windows Meta File (WMF) exploit that’s making the rounds. Probably not surprising given that there are reports of many vectors of attack, not JUST the web browser. What makes this one noteworthy is that it is vulnerable EVEN WITH THE regsvr32 WORKAROUND. The only other solution that’s been reported thus far is DEP (Data Execution Protection) with supported DEP hardware.


So, once again, I’m left warning you to be cautious and be suspicious of unsolicited links, images and emails. A patch from Microsoft may be some time off. From what I’ve read some antivirus vendors are not encouraged that it will be a quick fix.

Related Posts

Blog Traffic Exchange Related Posts
  • Microsoft Vista hardware requirements... Microsoft has started releasing details of the hardware requirements for the upcoming release of Vista. It appears there are two categories of requirements. One is a bare minimum for vista, the other is a minimum for Vista Premium. They're calling the specs Vista Capable and Premium Ready... "Capable" systems will......
  • Web smarts is the main defence against spyware Over at the Security Fix, Brian Krebs is talking about spyware and the fact that keeping up-to-date on patches, and running current antivirus with current definitions is not enough to protect your machine from spyware. He sums it up by saying common sense is the best defence. Through the course......
  • Exploit Thursday - this months winner - Powerpoint The SecurityFix reminds us of what usually comes close behind Patch Tuesday.... exploit Wednesday or Thursday and this month, the exploits seemed to start coming out Thursday. There's a new Powerpoint exploit starting to make the rounds right on the heels of Patch day. The main goal is likely to......
Blog Traffic Exchange Related Websites
  • Twitter Mouse-Over Flaw Send Users to Dangerous Links On Tuesday morning September 21, 2010, Twitter.com was hacked in a very crafty way.  Twitter users needed to only move their mouse cursor over links on their twitter page to be redirected without the user intervention or permission.  When redirected, they would be sent to malicious and offensive destinations,......
  • Linking To The Top In Google A while back and without much experience, and too much time to kill, after a little work I achieved top ranking for six of my websites for their main keyword phrases. And you know what? Back then it was easy, the main things were your meta tags and getting some......
  • Black Hat // Webcast 28 - HTTP Parameter Pollution Vulnerabilities in Web Applications HTTP Parameter Pollution Vulnerabilities in Web Applications // Marco Balduzzi http://links.covertchannel.blackhat.com/ctt?kn=4&m=36625440&r=ODMwMzU3MTg2MAS2&b=2&j=MTAxNjM3NzA1S0&mt=1&rt=0 ----------------------------------- OVERVIEW: While input validation vulnerabilities such as XSS and SQL injection have been intensively studied, a new class of injection vulnerabilities called HTTP Parameter Pollution (HPP) has not received as much attention. HPP attacks consist of injecting encoded......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site