|
Posted by NIST.org on December 29, 2005, 6:22 am
F-Secure.com and Secunia.com are reporting a new zero-day vulnerability
currently being exploited through Trojan email messages and allowing for
Arbitrary Code Execution. It is related to Microsoft Windows WMF
(Windows Metafiles) handling. Even fully patched Windows XP SP2
machines using IE or Firefox are vulnerable.
Update 12/29: F-Secure is reporting that this vulnerability can be
exploited using other image extensions such as BMP, GIF, PNG, JPG,
JPEG, JPE, JFIF, DIB, RLE, EMF, TIF, TIFF or ICO.
There is currently no patch for this vulnerability.
See http://www.nist.org/news.php?extend.50 for more information and
tips on how to block it.
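
The 12/29 update in the post above means a mail or proxy filter keyed on the .wmf extension misses renamed files. As an added example (not part of the original thread), this Python code classifies a file by its header bytes instead of its name; the function names and the sample byte strings are constructed for illustration.

```python
import struct
from pathlib import Path

PLACEABLE_KEY = 0x9AC6CDD7   # magic of the optional "placeable" WMF header
# Extensions named in the 12/29 update of the post.
IMAGE_EXTS = {".bmp", ".gif", ".png", ".jpg", ".jpeg", ".jpe", ".jfif",
              ".dib", ".rle", ".emf", ".tif", ".tiff", ".ico"}


def is_wmf(data: bytes) -> bool:
    """True if data begins with a Windows Metafile header, whatever its name."""
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        return True
    if len(data) < 18:                      # standard header is 18 bytes
        return False
    ftype, hdr_words, version = struct.unpack_from("<HHH", data)
    # type 1 or 2, header size of 9 words, format version 0x0100 or 0x0300
    return ftype in (1, 2) and hdr_words == 9 and version in (0x0100, 0x0300)


def classify(name: str, data: bytes) -> str:
    """Compare what the file claims to be with what its bytes say."""
    if not is_wmf(data):
        return "not-wmf"
    ext = Path(name).suffix.lower()
    if ext == ".wmf":
        return "wmf"
    return "disguised-wmf" if ext in IMAGE_EXTS else "wmf-other-ext"


def flagged(files):
    """Names of attachments whose content is WMF under another extension."""
    return [n for n, d in files if classify(n, d).startswith(("disguised", "wmf-other"))]


# Constructed samples: a minimal, benign metafile (header + end-of-file record),
# the same file behind a placeable header, and a PNG signature.
STD_WMF = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0) + struct.pack("<IH", 3, 0)
PLACEABLE_WMF = struct.pack("<I", PLACEABLE_KEY) + b"\x00" * 18 + STD_WMF
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16

if __name__ == "__main__":
    mail = [("chart.wmf", STD_WMF), ("holiday.jpg", STD_WMF),
            ("card.gif", PLACEABLE_WMF), ("logo.png", PNG)]
    print(flagged(mail))
```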
|
|
Posted by Leythos on December 29, 2005, 6:42 am
google@eaglestock.com says...
> F-Secure.com and Secunia.com are reporting a new zero-day vulnerability
> currently being exploited through Trojan email messages and allowing for
> Arbitrary Code Execution. It is related to Microsoft Windows WMF
> (Windows Metafiles) handling. Even fully patched Windows XP SP2
> machines using IE or Firefox are vulnerable.
>
> Update 12/29: F-Secure is reporting that this vulnerability can be
> exploited using other image extensions such as BMP, GIF, PNG, JPG,
> JPEG, JPE, JFIF, DIB, RLE, EMF, TIF, TIFF or ICO.
>
> There is currently no patch for this vulnerability.
>
> See http://www.nist.org/news.php?extend.50 for more information and
> tips on how to block it.
Vulnerability Note VU#181038
http://www.kb.cert.org/vuls/id/181038
--
spam999free@rrohio.com
remove 999 in order to email me
|
|
Posted by David H. Lipman on December 29, 2005, 3:20 pm
| F-Secure.com and Secunia.com are reporting a new zero-day vulnerability
| currently being exploited through Trojan email messages and allowing for
| Arbitrary Code Execution. It is related to Microsoft Windows WMF
| (Windows Metafiles) handling. Even fully patched Windows XP SP2
| machines using IE or Firefox are vulnerable.
|
| Update 12/29: F-Secure is reporting that this vulnerability can be
| exploited using other image extensions such as BMP, GIF, PNG, JPG,
| JPEG, JPE, JFIF, DIB, RLE, EMF, TIF, TIFF or ICO.
|
| There is currently no patch for this vulnerability.
|
| See http://www.nist.org/news.php?extend.50 for more information and
| tips on how to block it.
The following is a report of AV software and their detection of this Exploit.
AV engine      Version         Date        Result
AntiVir        6.33.0.70       12.29.2005  TR/Dldr.WMF.Agent.D
Avast          4.6.695.0       12.29.2005  Win32:Exdown
AVG            718             12.29.2005  Downloader.Agent.13.AI
Avira          6.33.0.70       12.29.2005  TR/Dldr.WMF.Agent.D
BitDefender    7.2             12.29.2005  Exploit.Win32.WMF-PFV.C
CAT-QuickHeal  8.00            12.29.2005  WMF.Exploit
ClamAV         devel-20051123  12.29.2005  Exploit.WMF.A
DrWeb          4.33            12.29.2005  Exploit.MS05-053
eTrust-Iris    7.1.194.0       12.29.2005  Win32/Worfo.C!Trojan
eTrust-Vet     12.4.1.0        12.29.2005  Win32/Worfo
Ewido          3.5             12.29.2005  Downloader.Agent.acd
Fortinet       2.54.0.0        12.29.2005  W32/WMF-exploit
F-Prot         3.16c           12.29.2005  security risk or a "backdoor" program
Ikarus         0.2.59.0        12.29.2005  Trojan-Downloader.Win32.Agent.ACD
Kaspersky      4.0.2.24        12.29.2005  Trojan-Downloader.Win32.Agent.acd
McAfee         4662            12.29.2005  Exploit-WMF
Microsoft      ??              12.29.2005  no virus found
NOD32v2        1.1343          12.28.2005  Win32/TrojanDownloader.Wmfex
Norman         5.70.10         12.29.2005  no virus found
Panda          9.0.0.4         12.28.2005  Exploit/Metafile
Sophos         4.01.0          12.29.2005  Troj/DownLdr-NK
Symantec       8.0             12.29.2005  Download.Trojan
TheHacker      5.9.1.064       12.28.2005  Exploit/WMF
Trend Micro    135             12.29.2005  TROJ_NASCENE.D
UNA            1.83            12.29.2005  no virus found
VBA32          3.10.5          12.28.2005  no virus found
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
|
|
Posted by E. on December 29, 2005, 4:13 pm
NIST.org wrote:
> F-Secure.com and Secunia.com are reporting a new zero-day vulnerability
> currently being exploited through Trojan email messages and allowing for
> Arbitrary Code Execution. It is related to Microsoft Windows WMF
> (Windows Metafiles) handling. Even fully patched Windows XP SP2
> machines using IE or Firefox are vulnerable.
>
> Update 12/29: F-Secure is reporting that this vulnerability can be
> exploited using other image extensions such as BMP, GIF, PNG, JPG,
> JPEG, JPE, JFIF, DIB, RLE, EMF, TIF, TIFF or ICO.
>
> There is currently no patch for this vulnerability.
>
> See http://www.nist.org/news.php?extend.50 for more information and
> tips on how to block it.
>
Easy enough to add the dll unregister command to a logon script until a
patch is made ;-)
Thx for posting that info. Appropriate action taken.
Cheers,
E.
|
|
Posted by Frankster on December 30, 2005, 10:38 am
Auto-updated today to #3.137.00. I run Officescan.
-Frank
|