Novacaster Community: CERT Advisory re Windows Metafile exploit

Welcome!»
Latest Contributions»
Community Areas»
Blogging Areas»
Group Areas»
Business Areas»
Technical Areas»

Unknown Masterpiece»

Keyword Search:

CERT Advisory re Windows Metafile exploit

by Simon at 09:37 29/12/05 (Forum::Technical Advice::General)

"Microsoft Windows is vulnerable to remote code execution via an error in handling files using the Windows Metafile image format. Exploit code has been publicly posted and used to successfully attack fully-patched Windows XP SP2 systems. However, other versions of the the Windows operating system may be at risk as well."

... says CERT in a bulletin this morning.

Full announcement

Updates will be available here

Given the widespread use of HTML in email, I think this is probably a vector for attack that's going to be pretty successful.

--
simon

<< Wanted: Someone cleverer than ...

OK I give up >>

View Comments (Threaded Mode) Printer Version

CERT Advisory re Windows Metafile exploit	Simon - 09:37 29/12/05
Re: CERT Advisory re Windows Metafile exploit	Simon - 10:44 29/12/05
More info here (Google Groups). -- simon
Re: CERT Advisory re Windows Metafile exploit	Simon - 16:45 02/01/06
Video of exploit in action. http://www.websensesecuritylabs.com/images/alerts/wmf-movie.wmv -- simon
F-Secure Blog and Washington Post article, plus a patch	Simon - 17:23 02/01/06
http://www.f-secure.com/weblog/ http://www.washingtonpost.com/wp-dyn/content/article/2005/12/29/AR2005122901456.html ... there's an unofficial hotfix (that patches at a very low level) recommended: http://www.hexblog.com/2005/12/wmf_vuln.html -- simon
Patch is out (Re: CERT Advisory re Windows Metafile exploit)	Simon - 10:12 06/01/06
The official MS patch for the exploit is apparently now available. http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx -- simon