Lotus Notes WMF vulnerability



This is really the same zero-day wmf vulnerability, but there is a twist. It’s been found that Lotus Notes v. 6.x and up are vulnerable to the Windows Meta File (WMF) exploit that’s making the rounds. Probably not surprising given that there are reports of many vectors of attack, not JUST the web browser. What makes this one noteworthy is that it is vulnerable EVEN WITH THE regsvr32 WORKAROUND. The only other solution that’s been reported thus far is DEP (Data Execution Protection) with supported DEP hardware.


So, once again, I’m left warning you to be cautious and be suspicious of unsolicited links, images and emails. A patch from Microsoft may be some time off. From what I’ve read some antivirus vendors are not encouraged that it will be a quick fix.

Related Posts

Blog Traffic Exchange Related Posts
  • Hexblog (WMF unofficial patch) back up Yesterday the hexblog, which is the site of the person that wrote the unofficial patch for the WMF exploit, was offline for bandwidth over use. Several mirror sites popped up to host the patch. Today the site is back up at http://www.hexblog.com/ in a more minimal form. It's suggested if......
  • Exploit Thursday - this months winner - Powerpoint The SecurityFix reminds us of what usually comes close behind Patch Tuesday.... exploit Wednesday or Thursday and this month, the exploits seemed to start coming out Thursday. There's a new Powerpoint exploit starting to make the rounds right on the heels of Patch day. The main goal is likely to......
  • RealVNC 4.1.2 update to patch security vulnerability A few hours back, I updated My first post on the RealVNC 4.1.1 vulnerability and just saw another story that did not specify WHICH variation of VNC was at risk. TightVNC and UltraVNC seem to be immune according to the discoverer of the flaw. And as far as I've seen,......
Blog Traffic Exchange Related Websites
  • Learning to Play the Trombone When a trombone begins to display its power, nothing can stop it. The trombone is an incredible instrument, offering power and beautiful music. There is not much that is as impressive as a group of trombones playing in tune. Trombones have many places in music, including marching band, symphony, concert......
  • Black Hat // Webcast 28 - HTTP Parameter Pollution Vulnerabilities in Web Applications HTTP Parameter Pollution Vulnerabilities in Web Applications // Marco Balduzzi http://links.covertchannel.blackhat.com/ctt?kn=4&m=36625440&r=ODMwMzU3MTg2MAS2&b=2&j=MTAxNjM3NzA1S0&mt=1&rt=0 ----------------------------------- OVERVIEW: While input validation vulnerabilities such as XSS and SQL injection have been intensively studied, a new class of injection vulnerabilities called HTTP Parameter Pollution (HPP) has not received as much attention. HPP attacks consist of injecting encoded......
  • Buying versus Renting A while ago, the New York Times offered an interactive graphic, which allows you to enter all the variables you need to determine whether you come out ahead buying vs renting. You are able to enter the price for the house, rent of a similar house, down payment, interest rate......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site