New WMF Exploit
By jeffreycentex on Jan 1, 2006 in Uncategorized
Post Tags: Security
In case you haven’t check SANS ISC today, there is a new “present”…
A new variant of the WMF exploit…
Aaaarrrrgggghhh…
From the bulletin:
The exploit generates files:
- with a random size;
- no .wmf extension, (.jpg), but could be any other image extension actually;
- a random piece of junk in front of the bad call; carefully crafted to be larger than the MTU on an ethernet network;
- a number of possible calls to run the exploit are listed in the source;
- a random trailer
Can I say it again… Aaaaaaaaaaarrrrrrgggggghhhh… At least this one does not currently contain damaging code. But it won’t take long for a damaging payload to be incorporated into it.
Also from SANS ISC, here is more information on an Instant Messaging variant of the WMF exploit…
Hopefully AV vendors will figure out some way to detect this new one before a catastrophe. Otherwise, we will be somewhat vulnerable until MS releases a patch for this issue. There is a third party patch for Windows that purportedly will fix this hole, but YMMV (check the ISC blog for a link to it).
One last time… Aaaaaaaaarrrrrrrrrrgggggghhhhh…
