"While no evidence exists that the bugs allow code execution, the WMF flaw patched earlier this month was originally thought to only crash Windows."
Incorrect. Neither that flaw, nor this one, will under any circumstances crash Windows. What *may* happen is that an *application* will crash -- not the entire system.
Further, the WMF vulnerability Microsoft patched in MS06-001 was discovered in-the-wild. Attackers were using that vulnerability to execute code and gain control of users' systems. The statement that it was "originally thought to only crash Windows" simply isn't correct.
Link to this comment: http://www.securityfocus.com/comments/newsbriefs/101/439#439