NEW exploit for the WMF vulnerability
Just when you thought we had a good understanding of the recent zero-day WMF (Windows Metafile) exploit, it gets worse. SANS is reporting on a new variation of the exploit released today. They have gone to yellow (again) to warn people. Here are some details. This exploit was “made by the folks at metasploit and xfocus, together with an anonymous source.”
From SANS:
The exploit generates files:
- with a random size;
- no .wmf extension, (.jpg), but could be any other image extension actually;
- a random piece of junk in front of the bad call; carefully crafted to be larger than the MTU on an ethernet network;
- a number of possible calls to run the exploit are listed in the source;
- a random trailer
What makes it worse is that current IDS rules will likely not stop this new variation, nor will current antivirus signatures. Also:
Judging from the source code, it will likely be difficult to develop very effective signatures due to the structures of the WMF files.
They suggested re-evaluating any defences against the bug and also mention the unofficial patch at http://www.hexblog.com/2005/12/wmf_vuln.html that I mentioned earlier today.
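Since the generated files carry .jpg or other image extensions, any filter keyed on the .wmf extension will miss them. The sketch below is an added example, not code from SANS or from the exploit's authors: it identifies a metafile by its header fields instead of its name. The function names and verdict strings are hypothetical, and the sample bytes are constructed, harmless headers.

```python
import os
import struct

PLACEABLE_KEY = 0x9AC6CDD7              # optional 22-byte "placeable" header
METAHEADER = struct.Struct("<HHHIHIH")  # 18-byte standard WMF header

def looks_like_wmf(data: bytes) -> bool:
    """True if data starts with a structurally valid WMF header."""
    offset = 0
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        offset = 22  # standard header follows the placeable one
    if len(data) < offset + METAHEADER.size:
        return False
    ftype, hdr_words, version, *_ = METAHEADER.unpack_from(data, offset)
    # Type 1 (memory) or 2 (disk), header length of 9 words, version 1.0 or 3.0.
    return ftype in (1, 2) and hdr_words == 9 and version in (0x0100, 0x0300)

def classify(filename: str, data: bytes) -> str:
    """Compare what the name claims with what the content is (hypothetical verdicts)."""
    ext = os.path.splitext(filename)[1].lower()
    if not looks_like_wmf(data):
        return "not-wmf"
    return "wmf" if ext == ".wmf" else "wmf-mismatched-extension"

def sample_wmf(placeable: bool = False) -> bytes:
    """Constructed sample: an empty metafile (header plus end-of-file record)."""
    body = METAHEADER.pack(1, 9, 0x0300, 12, 0, 3, 0) + struct.pack("<IH", 3, 0)
    if placeable:
        head = struct.pack("<IH4hHIH", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0, 0)
        body = head + body
    return body

# Constructed sample: the first bytes of a JPEG/JFIF file, padded with zeros.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32

if __name__ == "__main__":
    samples = [("photo.jpg", sample_wmf()), ("logo.gif", sample_wmf(True)),
               ("chart.wmf", sample_wmf()), ("real.jpg", SAMPLE_JPEG)]
    for name, blob in samples:
        print(f"{name}: {classify(name, blob)}")
```

A mismatch verdict only says the file is a metafile wearing another extension, not that it is malicious. Because the check reads only the leading header, the random size and random trailer listed above do not affect it.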
So in other words, batten down the hatches; it’s going to be a rocky start to the year in computer security. Good luck.
–update 7PM EST–
The Security Fix has some coverage as well.