Windows Vulnerability, Very Serious (WMF)
Windows Metafiles have a serious vulnerability. Seems that Microsoft thought it was a good idea to have image files be able to contain executable code. And because of the magic number in the wmf file, it can actually be renamed to jpg or bmp and Windows will still recognize it as a WMF file and still process it as such. If you get one of the files going around it will install spyware without you realizing it. You will see the image and not know that code is executing in the background. It doesn't matter what web browser / email reader you are using as the image file will be passed onto the Windows GDI process for rendering. Firefox and Thunderbird will not save you since this is a Windows OS and not IE exploit.
This one is very serious and MS will not have a patch until the 10th. Uber windows coder Ilfak Guilfanov has released an unofficial patch to fix the problem. I have used it on my Windows XP boxes without a problem. Unfortunately this patch doesn't work on all versions of Windows even though the vulnerability goes all the way back to Windows 3.0.
Thanks, Microsoft, just the X-mas / New Year's present I wanted. BTW this post courtesy of Firefox and Fedora Core 4 Linux.
Links to the unofficial fix and information about the vulnerability.
Ilfak's web site
CNN Money article
CastleCop's discussion forum on this problem
It's not a bug, it's a feature ZDNet UK article encouraging use of unofficial fix
Edited subject since it was truncated to "Very Serious Windows" on main page.
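Added example, not part of the original post: a defender-side check for the renaming trick described above, flagging files whose extension claims JPG/BMP/etc. while the leading bytes are a WMF header. The header constants come from the WMF file format rather than from the post, and the function names and sample bytes are constructed for illustration.

```python
import struct
from pathlib import Path

# Header values as defined by the WMF file format (assumed; not given in the post).
PLACEABLE_KEY = 0x9AC6CDD7  # placeable-header key; bytes D7 CD C6 9A on disk
IMAGE_EXTS = {".jpg", ".jpeg", ".bmp", ".gif", ".png", ".tif", ".tiff"}

def looks_like_wmf(data: bytes) -> bool:
    """Identify WMF content from its leading bytes, ignoring the file name."""
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        return True
    if len(data) < 6:
        return False
    # Standard header: type (1=memory, 2=disk), header size in words (9), version.
    mtype, header_words, version = struct.unpack_from("<HHH", data)
    return mtype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def disguised_wmf(name: str, data: bytes) -> bool:
    """True when WMF content sits behind a non-WMF image extension."""
    return Path(name).suffix.lower() in IMAGE_EXTS and looks_like_wmf(data)

def scan(root: str) -> list:
    """Return paths under root whose extension says image but whose bytes say WMF."""
    hits = []
    for path in Path(root).rglob("*"):
        try:
            if path.is_file():
                with path.open("rb") as fh:
                    if disguised_wmf(path.name, fh.read(32)):
                        hits.append(str(path))
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
    return sorted(hits)

# Constructed sample headers (no drawing records; checksum field left at 0).
STANDARD_HDR = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9, 0, 0, 0)
PLACEABLE_HDR = struct.pack("<IHhhhhHIH", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0, 0)
JPEG_HDR = bytes.fromhex("ffd8ffe000104a464946")

if __name__ == "__main__":
    for name, data in [("card.jpg", PLACEABLE_HDR + STANDARD_HDR),
                       ("logo.bmp", STANDARD_HDR),
                       ("photo.jpg", JPEG_HDR),
                       ("chart.wmf", STANDARD_HDR)]:
        print(name, disguised_wmf(name, data))
```

A hit means only that the content and the extension disagree; it says nothing about whether the metafile is harmful, so treat hits as candidates for quarantine and closer inspection.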

It appears Sir Bill and Co. have released their official fix for this:
http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx