Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
Worries increase over WMF flaw
Published: 2006-01-02

The New Year has brought a new exploit for the Windows Meta File flaw and more attacks. Many security experts believe that the situation poses such a danger that they have recommended that users install an unofficial patch.

The flaw occurs in Microsoft Windows' Graphics Rendering Engine. A specially crafted image file can take advantage of the flaw to compromise a Windows system that opens the image. Applications that use the vulnerable Windows operating system code include Internet Explorer, Windows Explorer, and the image viewing capability of Lotus Notes. Viewing a maliciously created image in those applications will run any embedded code. In a blog entry, a member of the Microsoft Security Response Center said that the team is investigating solutions for the security issue.

Yet, attackers are not waiting for the software giant. An attack that uses a hithertofore unseen exploit for the flaw appeared this weekend, according to antivirus firm F-Secure. The code marks the third exploit released so far. Two previous methods were made public by the Metasploit Project, a group of penetration testers and exploit researchers. The group published two exploits for the flaw, including one that can easily bypass most intrusion detection systems (IDS) and antivirus systems, according to an e-mail posted to a security mailing list by a member of the Metasploit group.

Worries over the attacks and the increasing number of exploits had security experts recommending that Windows users install an unofficial patch created by security software developer Ilfak Guilfanov. (Sunbelt Software has an alternate download site, as Guilfanov's site succombed to bandwidth demands.) The patch inserts itself into calls to the vulnerable procedure allowing users to still view images but theoretically blocking code from running.

Because of the exploits, the SANS Institute raised its Infocon level to "yellow." Symantec, the owner of SecurityFocus, has set its ThreatCon to "elevated," the second tier on its four-level threat scale.

Posted by: Robert Lemos
    Digg this story   Add to  
Comments Mode:
Worries increase over WMF flaw 2006-01-04
Anonymous (2 replies)
Worries increase over WMF flaw 2006-01-13


Privacy Statement
Copyright 2009, SecurityFocus