Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » Windows MetaFiles still vulnerable
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
Outpost not blocking traffic on Windows shutdown »
« JaimeSmile Trojan  
AuthorAll Replies

jp10558
Premium
join:2005-06-24
Willseyville, NY

reply to jbob
Re: Windows MetaFiles still vulnerable

So, if I go to such a page, I'll get a prompt about viewing the picture, and if I say no, no problem... So there's no vulnerability just in seeing images on a web page, it has to launch Windows Picture and Fax viewer?
--
Opera 8.5(Build 7700); Windows XP Pro SP2;Athlon 64 3400+; 1GB PC3200 DDR; 1M/128k DSL; NOD32(Version 2.5.25); Outpost Pro 3;Proxomitron 4.5j Grypen 12/2/05(Opera mod),GPG ID:0x0A1C6EE3
to forum · permalink · · 2005-12-28 13:17:13 · (locked)


jbob
Reach Out and Touch Someone
Premium
join:2004-04-26
Little Rock, AR
·Comcast
·AT&T Southwest

 From SANS today:

The orignal exploit site (unionseek.com) is no longer up. But the exploit is being served from various sites all over by now, see the F-Secure Blog on »www.f-secure.com/weblog/ for an update on the versions of the exploit found in the wild.

Regarding DEP (Data Execution Protection) of XPSP2, the default settings of DEP will not prevent this exploit from working. Comments we have received in the meantime suggest that if you enable DEP to cover all programs (as documented on Microsoft Technet ), the WMF exploit attempt will result in a warning and not run on its own.

While the original exploit only refered to the Microsoft Picture and Fax Viewer, current information is that any application which automatically displays or renders WMF files is vulnerable to the problem. This includes Google Desktop, if the indexing function finds one of the exploit WMFs on the local hard drive - see the F-Secure Weblog mentioned above for details.
********************************
I know of some guys who downloaded the file "wmf_exp.wmf" to further investigate it.
to forum · permalink · · 2005-12-28 13:28:12 · (locked)
Thread is
Forums » Up and Running » Security » SecurityOutpost not blocking traffic on Windows shutdown »
« JaimeSmile Trojan  

Friday, 04-Dec 15:29:56 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [163] Comcast Releasing Promised Usage Meter
· [145] Avast Antivirus Has Gone Mad
· [120] Comcast Makes NBC Universal Acquisition Official
· [104] Graduate Student Unveils Sprint's GPS Sharing With Feds
· [100] Google Invades ISP, OpenDNS Turf With Google Public DNS
· [81] Latest Consumer Reports Survey Not Kind To AT&T
· [78] FCC Ponders Moving From PSTN To IP Voice
· [74] Sprint Defuses GPS Privacy Media Bomb
· [70] Baltimore To Ban Lazy Cable Installs
· [64] Broadband Killed The Game Console
Most people now reading
· False positive in Avast! or is it real? [Security]
· IMG 1.7 (IMG Updates and Discussion) [Verizon FIOS TV]
· People would bewalking away from the table if ACTA public [TekSavvy]
· Warrior tank seem underpowered these days [World of Warcraft]
· DNS options, what are YOU using? [TekSavvy]
· Windows 7 boot manager editing questions [Microsoft Help]
· Long ethernet runs [Wireless Service Providers]
· [WIN7] Outlook express under Windows 7? [Microsoft Help]
· [DNS] Google's public DNS... performance increases? [Comcast HSI]
· Maximizing Rogue DPS for ToC/ToGC (3.x) [World of Warcraft]