|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: WMF Exploit
From: Bill Busby (williambusby2001
yahoo.com)
Date: Thu Dec 29 2005 - 15:34:36 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
It is not only *.wmf extensions it is all files that
have windows metafile headers that will open with the
Windows Picture and Fax Viewer. Any file that has the
header of a windows metafile can trigger this exploit.
--- "Hayes, Bill" <Bill.Hayesowh.com> wrote:
> CERT now has posted Vulnerability Note VU#181038,
> "Microsoft Windows may
> be vulnerable to buffer overflow via specially
> crafted WMF file"
> (http://www.kb.cert.org/vuls/id/181038). The note
> provides additional
> details about the exploit and its effects. Very few
> workarounds have
> been proposed other than blocking at the perimeter
> and possibly
> remapping the .wmf extension to some application
> other than the
> vulnerable Windows Picture and Fax Viewer
> (SHIMGVU.DLL).
>
> Bill...
>
> -----Original Message-----
> From: davidribyrneyahoo.com
> [mailto:davidribyrneyahoo.com]
> Sent: Wednesday, December 28, 2005 4:18 PM
> To: bugtraqsecurityfocus.com
> Subject: WMF Exploit
>
>
> Another quick observation, again, I apologize if
> this information has
> already been posted; I haven't been able to read all
> the posts today.
> The thumbnail view in Windows Explorer will parse
> the graphics files in
> a folder, even if the file is never explicitly
> opened. This is enough to
> trigger the exploit. Even more frightening is that
> you don't have to use
> the thumbnail view for a thumbnail to be generated.
> Under some
> circumstances, just single-clicking on the file will
> cause it to be
> parsed.
>
> David Byrne
>
__________________________________
Yahoo! for Good - Make a difference this year.
http://brand.yahoo.com/cybergivingweek2005/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]