More WMF problems for Windows



I can’t really say I’m surprised, after the big WMF vulnerability of the last couple weeks, I suspected we’d see closer scrutiny of other WMF “vectors”…. but….. The SecurityFix is one of the outlets, that have been reporting on another WMF vulnerability. According to the analysis so far, it can “only” cause a Denial of Service (DoS), not remote code execution. Hopefully, that’s as far as this vulnerability will allow external attackers to mess with a system. *(Basically the DoS could freeze/crash “cause to exit unexpectedly” the program used to view WMF’s)


Apparently, Microsoft is aware of the problem and tags it as a “performance issue”. Apparently the issues are being evaluated for repair in upcoming service packs. It doesn’t sound like a high priority though given no remote code execution vector at this point.

Related Posts

Blog Traffic Exchange Related Posts
  • Disinfecting a PC… part 10 Before I get things wrapped up, I like to scan rinse and repeat until the scans come up clean. So, this scan of AVG gives a chance to delete the archive entry I mentioned the first pass it took. And spybot get's updated from the internet and re-runs. All looks......
  • DoS Exploit for MS-053 Incidents.org has the story on an "in the wild" exploit for MS-053 vulnerability. The patch is out, so if you haven't already - go ahead with the patching. The vulnerability is entitled "Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424)". The exploit causes 100% cpu utilitzation on visiting......
  • WMF 0-day update Last night while I was in the midst of infecting a virtual machine, Microsoft issued a release that there's a "possible vulnerability"... fortunately, their technical document is a bit more straightforward... technet advisory here. Spyware Confidential also has a good roundup on the coverage so far. There's a bit more......
Blog Traffic Exchange Related Websites
  • Tips for Fire Safety If you want to practice good fire safety, then you are going to need to have a plan in place. If your home or workshop should ever happen to catch fire, you are not going to have much time with which to escape. Smoke fumes are capable of incapacitating a......
  • Windows Help Center Application Pose Grave Threat to Windows XP/Server 2003 "A new vulnerability has been reported to the general public this morning via the “Full-Disclosure” mailing list, and it is quite troubling", stated by Jonathan Davis, an IT Security Consultant in the Washington DC metro area.  He further stated, "There is a vulnerability that exists in the Windows help center......
  • Microsoft Security Bulletin MS10-046 - Critical Microsoft Security Bulletin MS10-046 - Critical Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198) Published: August 02, 2010 | Updated: August 03, 2010 Version: 1.1 General Information Executive Summary This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site