BugTraq
Back to list
|
Post reply
RE: Is this a new exploit?
Dec 28 2005 01:47PM
Portz, Jon (jportz kforce com)
Windows .wmf vulnerability, look here:
http://secunia.com/advisories/18255/
JTP
-----Original Message-----
From: noemailpls (at) noemail (dot) zipe [email concealed]r [mailto:noemailpls (at) noemail (dot) zipe [email concealed]r]
Sent: Tuesday, December 27, 2005 3:20 PM
To: bugtraq (at) securityfocus (dot) com [email concealed]
Subject: Is this a new exploit?
Warning the following URL successfully exploited a fully patched windows xp
system with a freshly updated norton anti virus.
unionseek.com/d/t1/wmf_exp.htm
The url runs a .wmf and executes the virus, f-secure will pick up the virus
norton will not.
0? *?H?÷
?0?10 +0? *?H?÷
?Ã0?K0?´ ÷n0
*?H?÷
0b10 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA0
051201215150Z
061201215150Z0C10UThawte Freemail Member1 0 *?H?÷
jportz (at) kforce (dot) com0 [email concealed]?0
*?H?÷
0?Ì:0¥Û?2Ãk.ùÎ7±>áþjß?]¶§?<@Ç}l´
"X¦î?$Öùm¦*a$yΧvò-°à5ÍÓl??©¶$kî«á:§/ËâÞA[Ëä]ÔOC9/¯´?I?D?_£?Î@
+nshàGt(_ã)ç¿QÝ£.0,0U0jportz (at) kforce (dot) com0 [email concealed]Uÿ00
*?H?÷
tjÄåB?<t?ß??Í?«
iYW%?«õ??°µÐ:+¹ö%âÍhrC«?Ú¸±?ûeûI-kTÛ£iæò®ÕÛ_?¦¿ö«Qõµr?ò
è4ØóïǦÇ8ö^sì;ð@@²?ÿ9Ú?Wq¿g@©@+íóvYâ±ñ0?-0?? 0
*?H?÷
0Ñ10 UZA10UWestern Cape10U Cape Town10U
Thawte Consulting1(0&UCertification Services Division1$0"UThawte Personal Freemail CA1+0) *?H?÷
personal-freemail (at) thawte (dot) com0 [email concealed]
960101000000Z
201231235959Z0Ñ10 UZA10UWestern Cape10U Cape Town10U
Thawte Consulting1(0&UCertification Services Division1$0"UThawte Personal Freemail CA1+0) *?H?÷
personal-freemail (at) thawte (dot) com0 [email concealed]?0
*?H?÷
0?Ôi×Ô°?d[qéGØQ¶êr?°?^}-
{ß?%u(t:B,c'??{Kï~??ê£Ý¹Î?dÂnD¬|æèMq@8¦£?xöù??^êÀ^vëÙ£]nz|¥KU)??&Õj»8$j?DZڣ??ýyÛåZĹ£00Uÿ0ÿ0
*?H?÷
Çì?~Nøõ?¥gb*¤ðM`Ðo`Xa¬&»R5\Ï0û¨J??bB#?ôºd?¬G)ß?^Òl`q\¢¬Üy
ãçnGµ
(èä?ýô¦Ù|±øÜ_#& ??sÐÞC©?%òæ?/Êþ¦«?u?ÝQ?käøÑÎw¢0??0?¨
0
*?H?÷
0Ñ10 UZA10UWestern Cape10U Cape Town10U
Thawte Consulting1(0&UCertification Services Division1$0"UThawte Personal Freemail CA1+0) *?H?÷
personal-freemail (at) thawte (dot) com0 [email concealed]
030717000000Z
130716235959Z0b10 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA0?0
*?H?÷
0?Ħ<UsUûN¹Ê?ZhÀupßéÿ£ì½Íõ[òv½:aò¿QÎÔåP
0×cZ,?p?ÝÉð+?Zª?qV˯<çñ?6$*Ï+Õó?w=¾+þ»>¿@?d×§¦»?eÑÅ*T?H§¶Ñ<
a@dr`·û£?0?0Uÿ0ÿ0CU<0:08 6 4?2http://crl.tha
wte.com/ThawtePersonalFreemailCA.crl0U0)U"0 ¤010UPrivateLabel2-1380
*?H?÷
H?ÑP?ê.Ì
£f¬g¯¬¾Â¡C??L!¸ø6ª-?6/ÀôP ?p<ýáabÃÙ:~?±?Å?t?%P?bÇÛ'qW%Ý©?9?? Oe_?Ú÷÷?ÖÆN®öê4å[5MwãV!x?Ü!5Þ$±ÓFÿ]_eO1?Ï0?Ë0i0b10 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA÷n0 + ?¼0 *?H?÷
1 *?H?÷
0 *?H?÷
1
051228134617Z0# *?H?÷
1å?ôùðü
âßR?ÿ.?Õ?îÆ0g *?H?÷
1Z0X0
*?H?÷
0*?H?÷
?0
*?H?÷
@0+0
*?H?÷
(0+0
*?H?÷
0x +?71k0i0b10 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA÷n0z*?H?÷
1k i0b10 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA÷n0
*?H?÷
?¬^ ?´Ø3dàñ"?Hæ-ÍO³H2POåÐØ?¥???-IÍý\HZ9B
?aÏ?f0Îé5jNÿ¯ÔlP¢??}ûp±Ä¹ôÒÊ »ßc36R§iS?î?ÌL3X?¶{¡µR#Îd?$â|?'¼Ñnu\
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Windows .wmf vulnerability, look here:
http://secunia.com/advisories/18255/
JTP
-----Original Message-----
From: noemailpls (at) noemail (dot) zipe [email concealed]r [mailto:noemailpls (at) noemail (dot) zipe [email concealed]r]
Sent: Tuesday, December 27, 2005 3:20 PM
To: bugtraq (at) securityfocus (dot) com [email concealed]
Subject: Is this a new exploit?
Warning the following URL successfully exploited a fully patched windows xp
system with a freshly updated norton anti virus.
unionseek.com/d/t1/wmf_exp.htm
The url runs a .wmf and executes the virus, f-secure will pick up the virus
norton will not.
0? *?H?÷
?0?10 +0? *?H?÷
?Ã0?K0?´ ÷n0
*?H?÷
0b10 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA0
051201215150Z
061201215150Z0C10UThawte Freemail Member1 0 *?H?÷
jportz (at) kforce (dot) com0 [email concealed]?0
*?H?÷
0?Ì:0¥Û?2Ãk.ùÎ7±>áþjß?]¶§?<@Ç}l´
"X¦î?$Öùm¦*a$yΧvò-°à5ÍÓl??©¶$kî«á:§/ËâÞA[Ëä]ÔOC9/¯´?I?D?_£?Î@
+nshàGt(_ã)ç¿QÝ£.0,0U0jportz (at) kforce (dot) com0 [email concealed]Uÿ00
*?H?÷
tjÄåB?<t?ß??Í?«
iYW%?«õ??°µÐ:+¹ö%âÍhrC«?Ú¸±?ûeûI-kTÛ£iæò®ÕÛ_?¦¿ö«Qõµr?ò
è4ØóïǦÇ8ö^sì;ð@@²?ÿ9Ú?Wq¿g@©@+íóvYâ±ñ0?-0?? 0
*?H?÷
0Ñ10 UZA10UWestern Cape10U Cape Town10U
Thawte Consulting1(0&UCertification Services Division1$0"UThawte Personal Freemail CA1+0) *?H?÷
personal-freemail (at) thawte (dot) com0 [email concealed]
960101000000Z
201231235959Z0Ñ10 UZA10UWestern Cape10U Cape Town10U
Thawte Consulting1(0&UCertification Services Division1$0"UThawte Personal Freemail CA1+0) *?H?÷
personal-freemail (at) thawte (dot) com0 [email concealed]?0
*?H?÷
0?Ôi×Ô°?d[qéGØQ¶êr?°?^}-
{ß?%u(t:B,c'??{Kï~??ê£Ý¹Î?dÂnD¬|æèMq@8¦£?xöù??^êÀ^vëÙ£]nz|¥KU)??&Õj»8$j?DZڣ??ýyÛåZĹ£00Uÿ0ÿ0
*?H?÷
Çì?~Nøõ?¥gb*¤ðM`Ðo`Xa¬&»R5\Ï0û¨J??bB#?ôºd?¬G)ß?^Òl`q\¢¬Üy
ãçnGµ
(èä?ýô¦Ù|±øÜ_#& ??sÐÞC©?%òæ?/Êþ¦«?u?ÝQ?käøÑÎw¢0??0?¨
0
*?H?÷
0Ñ10 UZA10UWestern Cape10U Cape Town10U
Thawte Consulting1(0&UCertification Services Division1$0"UThawte Personal Freemail CA1+0) *?H?÷
personal-freemail (at) thawte (dot) com0 [email concealed]
030717000000Z
130716235959Z0b10 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA0?0
*?H?÷
0?Ħ<UsUûN¹Ê?ZhÀupßéÿ£ì½Íõ[òv½:aò¿QÎÔåP
0×cZ,?p?ÝÉð+?Zª?qV˯<çñ?6$*Ï+Õó?w=¾+þ»>¿@?d×§¦»?eÑÅ*T?H§¶Ñ<
a@dr`·û£?0?0Uÿ0ÿ0CU<0:08 6 4?2http://crl.tha
wte.com/ThawtePersonalFreemailCA.crl0U0)U"0 ¤010UPrivateLabel2-1380
*?H?÷
H?ÑP?ê.Ì
£f¬g¯¬¾Â¡C??L!¸ø6ª-?6/ÀôP ?p<ýáabÃÙ:~?±?Å?t?%P?bÇÛ'qW%Ý©?9?? Oe_?Ú÷÷?ÖÆN®öê4å[5MwãV!x?Ü!5Þ$±ÓFÿ]_eO1?Ï0?Ë0i0b10 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA÷n0 + ?¼0 *?H?÷
1 *?H?÷
0 *?H?÷
1
051228134617Z0# *?H?÷
1å?ôùðü
âßR?ÿ.?Õ?îÆ0g *?H?÷
1Z0X0
*?H?÷
0*?H?÷
?0
*?H?÷
@0+0
*?H?÷
(0+0
*?H?÷
0x +?71k0i0b10 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA÷n0z*?H?÷
1k i0b10 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA÷n0
*?H?÷
?¬^ ?´Ø3dàñ"?Hæ-ÍO³H2POåÐØ?¥???-IÍý\HZ9B
?aÏ?f0Îé5jNÿ¯ÔlP¢??}ûp±Ä¹ôÒÊ »ßc36R§iS?î?ÌL3X?¶{¡µR#Îd?$â|?'¼Ñnu\
[ reply ]