BugTraq
RE: Is this a new exploit? Dec 28 2005 01:47PM
Portz, Jon (jportz kforce com)

Windows .wmf vulnerability, look here:

http://secunia.com/advisories/18255/

JTP

-----Original Message-----
From: noemailpls (at) noemail (dot) zipe [email concealed]r [mailto:noemailpls (at) noemail (dot) zipe [email concealed]r]
Sent: Tuesday, December 27, 2005 3:20 PM
To: bugtraq (at) securityfocus (dot) com [email concealed]
Subject: Is this a new exploit?

Warning the following URL successfully exploited a fully patched windows xp
system with a freshly updated norton anti virus.

unionseek.com/d/t1/wmf_exp.htm

The url runs a .wmf and executes the virus, f-secure will pick up the virus
norton will not.
0? *?H?÷
 ?0?1 0 +0? *?H?÷
 ?Ã0?K0?´ ÷n0
 *?H?÷
0b1 0 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA0
051201215150Z
061201215150Z0C10UThawte Freemail Member1 0 *?H?÷
 jportz (at) kforce (dot) com0 [email concealed]?0
 *?H?÷
0?Ì:0¥Û?2Ãk.ùÎ7±>áþjß?]¶§?<@Ç}l´
"X¦î?$Öùm¦*a$yΧvò-°à5ÍÓl??©¶$kî«á:§/ËâÞA[Ëä]ÔOC9/¯´?I?D?_£?Î@
+nshàGt(_ã)ç¿QÝ£.0,0U0jportz (at) kforce (dot) com0 [email concealed] Uÿ00
 *?H?÷
tjÄåB?<t?ß??Í? «
iYW%?«­õ??°µÐ:+¹ö%âÍhrC«?Ú¸±?ûeûI-kTÛ£iæò®ÕÛ_?¦¿ö«Qõµr?ò
è4ØóïǦÇ8ö^sì;ð@@²?ÿ9Ú?Wq¿g@©@+íóvYâ±ñ0?-0?? 0
 *?H?÷
0Ñ1 0 UZA10U Western Cape10U Cape Town10U
Thawte Consulting1(0&U Certification Services Division1$0"UThawte Personal Freemail CA1+0) *?H?÷
 personal-freemail (at) thawte (dot) com0 [email concealed]
960101000000Z
201231235959Z0Ñ1 0 UZA10U Western Cape10U Cape Town10U
Thawte Consulting1(0&U Certification Services Division1$0"UThawte Personal Freemail CA1+0) *?H?÷
 personal-freemail (at) thawte (dot) com0 [email concealed]?0
 *?H?÷
0?Ôi×Ô°?d[qéGØ Q¶êr?°?^}-
{ß?%u(t:B,c'??{Kï~??ê£Ý¹Î?dÂnD¬|æèMq@8¦£?xöù??^­êÀ^vëÙ£]nz| ¥KU)??&Õj»8$j?DZڣ??ýyÛåZĹ£00Uÿ0ÿ0
 *?H?÷
Çì?~Nøõ?¥gb*¤ðM`Ðo`Xa¬&»R5\Ï0û¨J??bB#?ôºd?¬G)ߝ?^Òl`q\¢¬Üy
ãçnGµ
(èä?ýô¦Ù|±øÜ_#& ??sÐÞC©?%òæ?/Êþ¦«?u? ÝQ?käøÑÎw¢0??0?¨ 
0
 *?H?÷
0Ñ1 0 UZA10U Western Cape10U Cape Town10U
Thawte Consulting1(0&U Certification Services Division1$0"UThawte Personal Freemail CA1+0) *?H?÷
 personal-freemail (at) thawte (dot) com0 [email concealed]
030717000000Z
130716235959Z0b1 0 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA0?0
 *?H?÷
0?Ä¦<UsUûN¹Ê?ZhÀupßéÿ£ì½Íõ[òv½ :aò¿QÎÔåP
0×cZ,?p?ÝÉð+?Zª?qV˯< çñ?6$*Ï+Õó?w=¾+þ»>¿@?dק¦»?eÑÅ*T?H§¶Ñ<
a@dr`·û£?0?0Uÿ0ÿ0CU<0:08 6 4?2http://crl.tha
wte.com/ThawtePersonalFreemailCA.crl0 U0)U"0 ¤010UPrivateLabel2-1380
 *?H?÷
H?ÑP?ê .Ì
£f¬g¯¬¾Â¡C??L!¸ø6ª-?6/ÀôP ?p<ý­áabÃÙ:~?±?Å ?t?%P?bÇÛ'qW%Ý©?9?? Oe_?Ú÷÷?ÖÆN®öê4å[5MwãV!x?Ü!5Þ$±ÓFÿ]_eO1?Ï0?Ë0i0b1 0 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA÷n0 + ?¼0 *?H?÷
 1  *?H?÷
0 *?H?÷
 1
051228134617Z0# *?H?÷
 1å?ôùðü
âßR?ÿ.?Õ?îÆ0g *?H?÷
 1Z0X0
*?H?÷
0*?H?÷
?0
*?H?÷
@0+0
*?H?÷
(0+0
*?H?÷
0x +?71k0i0b1 0 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA÷n0z *?H?÷
  1k i0b1 0 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA÷n0
 *?H?÷
?¬^ ?´Ø3dàñ"?Hæ-ÍO³H2POåÐØ?¥???-IÍý\HZ9B
?aÏ?f0Îé5jNÿ¯ÔlP¢??} ûp±Ä¹ôÒÊ »ßc36R§iS?î?ÌL3X?¶{¡µR#Îd?$â|?'¼Ñnu\

[ reply ]
 

Privacy Statement
Copyright 2010, SecurityFocus