"Extremely Critical" New zero-day Windows vulnerability being exploited.

Posted by NIST.org on December 29, 2005, 6:22 am
F-Secure.com and Secunia.com are reporting a new zero-day vulnerability
currently being exploited through Trojan email messages and allowing for
Arbitrary Code Execution. It is related to Microsoft Windows WMF
(Windows Metafiles) handling. Even fully patched Windows XP SP2
machines using IE or Firefox are vulnerable.

Update 12/29: F-Secure is reporting that this vulnerability can be
exploited using other image extensions such as BMP, GIF, PNG, JPG,
JPEG, JPE, JFIF, DIB, RLE, EMF, TIF, TIFF or ICO.

There is currently no patch for this vulnerability.

See http://www.nist.org/news.php?extend.50 for more information and
tips on how to block it.
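
Added example, not part of the original post: since the 12/29 update says the extension does not limit exposure, a mail or web filter has to identify WMF data by its header bytes rather than by file name. The sketch below flags any WMF content (it does not judge whether a file is malicious); the function names and sample bytes are constructed for illustration, and the header values are those of the standard and Aldus placeable WMF headers.

```python
import struct

# Extensions named in the update quoted in the post above.
IMAGE_EXTS = {"bmp", "gif", "png", "jpg", "jpeg", "jpe", "jfif",
              "dib", "rle", "emf", "tif", "tiff", "ico"}

# Aldus placeable metafile key 0x9AC6CDD7, stored little-endian.
PLACEABLE_MAGIC = b"\xd7\xcd\xc6\x9a"


def is_wmf(data: bytes) -> bool:
    """True if the bytes begin with a placeable or standard WMF header."""
    if data[:4] == PLACEABLE_MAGIC:
        return True
    if len(data) < 6:
        return False
    # Standard header: Type (1=memory, 2=disk), HeaderSize in words (9),
    # Version (0x0100 or 0x0300), all 16-bit little-endian.
    ftype, header_words, version = struct.unpack_from("<HHH", data)
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)


def classify(filename: str, data: bytes) -> str:
    """Compare what the name claims with what the content is."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if not is_wmf(data):
        return "not-wmf"
    if ext == "wmf":
        return "wmf"
    return "wmf-disguised" if ext in IMAGE_EXTS else "wmf-other-ext"


# Constructed sample inputs (header bytes only, no real payloads).
STD_WMF = struct.pack("<HHHIHIH", 1, 9, 0x0300, 0, 0, 0, 0)
PLACEABLE_WMF = PLACEABLE_MAGIC + b"\x00" * 18 + STD_WMF
JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16
GIF = b"GIF89a" + b"\x00" * 16

SAMPLES = [("holiday.jpg", STD_WMF), ("chart.wmf", PLACEABLE_WMF),
           ("photo.jpg", JPEG), ("logo.gif", GIF), ("card.png", PLACEABLE_WMF)]


def scan(samples):
    """Return {filename: verdict} for an iterable of (name, bytes) pairs."""
    return {name: classify(name, data) for name, data in samples}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name:12} {verdict}")
```
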


Posted by Leythos on December 29, 2005, 6:42 am
google@eaglestock.com says...
> F-Secure.com and Secunia.com are reporting a new zero-day vulnerability
> currently being exploited through Trojan email messages and allowing for
> Arbitrary Code Execution. It is related to Microsoft Windows WMF
> (Windows Metafiles) handling. Even fully patched Windows XP SP2
> machines using IE or Firefox are vulnerable.
>
> Update 12/29: F-Secure is reporting that this vulnerability can be
> exploited using other image extensions such as BMP, GIF, PNG, JPG,
> JPEG, JPE, JFIF, DIB, RLE, EMF, TIF, TIFF or ICO.
>
> There is currently no patch for this vulnerability.
>
> See http://www.nist.org/news.php?extend.50 for more information and
> tips on how to block it.

Vulnerability Note VU#181038
http://www.kb.cert.org/vuls/id/181038

--

spam999free@rrohio.com
remove 999 in order to email me

Posted by Ludovic Joly on December 29, 2005, 12:33 pm

If a patch is not released fast it's going to get as mad as with rpc
dcom...


Posted by Todd H. on December 29, 2005, 3:17 pm

> If a patch is not released fast it's going to get as mad as with rpc
> dcom...

Hrmm. I don't know about that. Why do you think so?

I don't know if I understand the present issue completely, but whereas
RPC DCOM was remotely exploitable via the network without user
interaction, this windows metafile dealio would require someone to
receive an email with the file attachment, wouldn't it? And hence
rely on the mailer doing something with it? Or am I underestimating
the severity of the release?

--
Todd H.
http://www.toddh.net/

Posted by Jbob on December 29, 2005, 4:20 pm
>
> I don't know if I understand the present issue completely, but whereas
> RPC DCOM was remotely exploitable via the network without user
> interaction, this windows metafile dealio would require someone to
> receive an email with the file attachment, wouldn't it? And hence
> rely on the mailer doing something with it? Or am I underestimating
> the severity of the release?
>
> --
> Todd H.
> http://www.toddh.net/

NO, NO, NO! Severely underestimated! lol This one infects simply by
visiting a web page with a suspect wmf file. You don't need to click on
anything. If the wmf file is embedded, Windows will try and open it. The
full attack vector is still unsure of at this point. There are some
possible workarounds that "MAY" help.


