Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Microsoft posts patches, more WMF flaws arrive
Robert Lemos, 2006-01-11
Comments Mode:
Microsoft posts patches, more WMF flaws arrive 2006-01-11
Matthew Murphy (1 replies)
"While no evidence exists that the bugs allow code execution, the WMF flaw patched earlier this month was originally thought to only crash Windows."

Incorrect. Neither that flaw, nor this one, will under any circumstances crash Windows. What *may* happen is that an *application* will crash -- n...

[ more ]  [ reply ]
Re: Microsoft posts patches, more WMF flaws arrive 2006-01-11
Robert Lemos
You are correct. The original article identified the wrong Microsoft flaw as one that had previously been classified as a "crash bug." It should have identified the recent flaw fixed within Internet Explorer in December as the vulnerability that Microsoft had originally flagged as a "crash bug."

...

[ more ]  [ reply ]
Microsoft posts patches, more WMF flaws arrive 2006-01-12
Anonymous
The first WMF is easily exploitable and allows remote code execution. I have done it myself and it works both local and remote. The victim simply needs to open a .HTML redirecting to .WMF or directly open the .WMF with MS Picture and Fax Viewer (default Windows picture viewer) which leads to downloa...

[ more ]  [ reply ]




 

Privacy Statement
Copyright 2009, SecurityFocus