|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: WMF Exploit
From: Justin Myers (masterbofh
gmail.com)
Date: Sun Jan 01 2006 - 14:31:57 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Apologies if you've already read this, but this is interesting news:
Apparently shimgvw.dll isn't the problem; according to the Kaspersky
Lab blog, gdi32.dll is.
From http://www.viruslist.com/en/weblog?discuss=176892530&return=1
(which talks about an IM worm that uses this):
"Going back to the wmf vulnerability itself, we see number of sites
mention that shimgvw.dll is the vulnerable file.
This doesn't seem correct as it's possible to exploit a system on
which shimgvw.dll has been unregistered and deleted. The vulnerability
seems to be in gdi32.dll."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]