WMF exploit through indexing software



One of the vectors that has been mentioned early on is the infection of a system through the WMF exploit even when the exploited file was downloaded through a dos command shell. At first this seemed absurd, but it appeared that Google Desktop search was indexing files dynamically and once the file was downloaded it indexed the file and triggered the vulnerability. There is word that Microsoft’s indexing service does likewise – although Microsoft has only said that they’re “looking into reports”. Incidents.org is saying that they think this may be the giant white elephant no one is talking about. I certainly would shudder to think if machines on a network are indexing a network share and manage to subvert every machine running an indexing share….


Along the same lines… in the Kaspersky labs viruslist blog, they note that they suspect the vulnerability isn’t actually within shimgvw.dll even though unregistering it works around the problem in some cases. They note that given that other apps can be exploited EVEN WITH THE unregister workaround, that the flaw is likely in gdi32.dll

This makes sense in light of the third party patch that I reported on earlier. That patch works around the problem by disabling the SETABORT escape functionality in gdi32.dll (Who knows this could be the foundation of an official Microsoft patch, although there may be other breakage from this disabling.)

Related Posts

Blog Traffic Exchange Related Posts
  • Microsoft's priorities... I didn't really think of this in context, but George Ou points out that Microsoft issued an "out of cycle" patch for their DRM software in response to the FairUse4WM software that stripped DRM protections from Windows Media Files. It took a mere 3 days from being made aware of......
  • How to Remove SysDefence | Sysdefence Removal Guide Sysdefence is another rogue antivirus application from the wini family. This family of rogues has been quite prolific lately and typically is pushed on computer users through aggressive trojans that will appear on web pages masquerading as an update for flash player or a video codec for a video that......
  • Microsoft releases patch early for WMF exploit Microsoft has released the patch for the WMF vulnerability that's been all over the news early. It was released to http://windowsupdate.microsoft.com ahead of the previously announced January 10th "patch Tuesday". Congrats to Microsoft for getting this out the door early. That should go a long ways to blunting the attacks......
Blog Traffic Exchange Related Websites
  • Working after Receiving Social Security at Age 62 There are sound financial reasons for waiting to your full retirement age to claim Social Security retirement benefits.  Delaying Social Security until age 70 can enhance those benefits even more.  Nevertheless, many baby boomers will determine that they must or should begin receiving benefits at age 62. Unfortunately, many retirees......
  • New Options for Investing in Inflation Protected Securities If you have been a regular reader, you know that I am a fan of  I-Bonds and Treasury Inflation Protected Securities (TIPS) as a secure retirement investment that is also an inflation hedge. If you can put them in a tax-deferred account, TIPS may work better, if only because you......
  • How To Hire The Right Web Designer For The Job To the experienced and knowledgeable person, there is nothing so difficult about web designing, however the key point there refers to having the right person for the job. Keep this article in mind just in case you have to outsource an important design project. As long as you are working......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site