|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: WMF browser-ish exploit vectors
From: James C Slora Jr (Jim.Slora
phra.com)
Date: Thu Jan 05 2006 - 16:36:47 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dave Korn wrote
> Have you tried giving it a mpg/avi/wma/wmv extension and getting
> it to open in a (perhaps embedded) mediaplayer? That's liable to
> work as well; mediaplayer is also vulnerable to the
>
choose-an-app-based-on-extension/app-loads-a-viewer-based-on-actual-content
> desynchronisation attack...
I have seen at least one cached .wmz (Windows Media Player Skin) file
trigger AV alerts for the WMF exploit (Symantec Bloodhound.Exploit.56) after
having been opened in WMP10.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]