WMF exploit through indexing software



One of the vectors mentioned early on is infection of a system through the WMF exploit even when the exploited file was downloaded through a DOS command shell. At first this seemed absurd, but it appeared that Google Desktop Search was indexing files dynamically: once the file was downloaded, it indexed the file and triggered the vulnerability. There is word that Microsoft’s indexing service does likewise, although Microsoft has only said that they’re “looking into reports”. Incidents.org is saying that they think this may be the giant white elephant no one is talking about. I certainly shudder to think what happens if machines on a network are indexing a network share and manage to subvert every machine running an indexing share…


Along the same lines… in the Kaspersky Lab Viruslist blog, they note that they suspect the vulnerability isn’t actually within shimgvw.dll, even though unregistering it works around the problem in some cases. They note that, given that other apps can be exploited EVEN WITH THE unregister workaround, the flaw is likely in gdi32.dll.

This makes sense in light of the third party patch that I reported on earlier. That patch works around the problem by disabling the SETABORT escape functionality in gdi32.dll. (Who knows, this could be the foundation of an official Microsoft patch, although there may be other breakage from this disabling.)
