If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
FYI - Warning. New Windows vulnerabilty.
You may have heard about this already but just in case :
http://www.microsoft.com/technet/sec...ry/912840.mspx http://securityresponse.symantec.com...xploit.56.html What is the scope of the advisory? Microsoft is aware of a new vulnerability report affecting the Graphics Rendering Engine in Microsoft Windows. Is this a security vulnerability that requires Microsoft to issue a security update? We are currently investigating the issue to determine the appropriate course of action for customers. We will include the fix for this issue in an upcoming security bulletin. What causes the vulnerability? A vulnerability exists in the way specially crafted Windows Metafile (WMF) images are handled that could allow arbitrary code to be executed. What is the Windows Metafile (WMF) image format? A Windows Metafile (WMF) image is a 16-bit metafile format that can contain both vector information and bitmap information. It is optimized for the Windows operating system. What might an attacker use the vulnerability to do? An attacker who successfully exploited this vulnerability could take complete control of the affected system. In a Web-based attack scenario, an attacker would host a Web site that exploits this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems. How could an attacker exploit the vulnerability? An attacker could host a malicious Web site that is designed to exploit this vulnerability through Internet Explorer and then persuade a user to view the Web site. I am reading e-mail in plain text, does this help mitigate the vulnerability? Yes. Reading e-mail in plain text does mitigate this vulnerability where the e-mail vector is concerned although clicking on a link would still put users at risk. Does this vulnerability affect image formats other than Windows Metafile (WMF)? At this point, the only image format affected is the Windows Metafile (WMF) format. It is possible however than an attacker could rename the file extension of a WMF file to that of a different image format. In this situation, it is likely that the Graphic Rendering engine would detect and render the file as a WMF image which could allow exploitation. John L Rice |
#2
|
|||
|
|||
OT FYI - Warning. New Windows vulnerabilty.
On Mon, 2 Jan 2006 14:01:19 -0800, "John L Rice"
wrote: You may have heard about this already but just in case : http://www.microsoft.com/technet/sec...ry/912840.mspx http://securityresponse.symantec.com...xploit.56.html snip Does this vulnerability affect image formats other than Windows Metafile (WMF)? At this point, the only image format affected is the Windows Metafile (WMF) format. It is possible however than an attacker could rename the file extension of a WMF file to that of a different image format. In this situation, it is likely that the Graphic Rendering engine would detect and render the file as a WMF image which could allow exploitation. Unless something specific is done to stop it the GRE *will* attempt to render the file as a WMF which *will* allow exploitation. Using text only mail, and a good firewall will help, but only disabling the GRE, which can be done will prevent the malicious site from infecting the computer. There is one unoficial fix available, but I'll not point any one to an unoficial fix. Check with the Inforworld site, or other professional sites. Roger Halstead (K8RI & ARRL life member) (N833R, S# CD-2 Worlds oldest Debonair) www.rogerhalstead.com John L Rice |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Olympus C3000 Zoom with Windows XP ? | Martin | Digital Photography | 17 | November 25th 05 12:27 PM |
Silverfast SE 6.0 - Doesn't Install In Windows XP | [email protected] | Digital Photography | 5 | February 18th 05 03:19 AM |
Opening Pentax *ist DS RAW .PEF files in Windows 98? | Helen Edith Stephenson | Digital SLR Cameras | 24 | January 10th 05 08:16 AM |
rotating JPG's, Windows explorer context menu, ImageMagick, anyone? | Robert Barr | Digital Photography | 20 | December 10th 04 12:41 AM |
Windows XP and Mac OS-X put "stuff" on my card | Bruce Patis | Digital Photography | 13 | October 10th 04 04:45 AM |