lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20051229213436.33047.qmail@web90009.mail.scd.yahoo.com>
Date: Thu, 29 Dec 2005 13:34:36 -0800 (PST)
From: Bill Busby <williambusby2001@...oo.com>
To: "Hayes, Bill" <Bill.Hayes@....com>, davidribyrne@...oo.com
Cc: bugtraq@...urityfocus.com
Subject: RE: WMF Exploit


It is not only *.wmf extensions it is all files that
have windows metafile headers that will open with the
Windows Picture and Fax Viewer.  Any file that has the
header of a windows metafile can trigger this exploit.

--- "Hayes, Bill" <Bill.Hayes@....com> wrote:

> CERT now has posted Vulnerability Note VU#181038,
> "Microsoft Windows may
> be vulnerable to buffer overflow via specially
> crafted WMF file"
> (http://www.kb.cert.org/vuls/id/181038). The note
> provides additional
> details about the exploit and its effects. Very few
> workarounds have
> been proposed other than blocking at the perimeter
> and possibly
> remapping the .wmf extension to some application
> other than the
> vulnerable Windows Picture and Fax Viewer
> (SHIMGVU.DLL).
> 
> Bill...
> 
> -----Original Message-----
> From: davidribyrne@...oo.com
> [mailto:davidribyrne@...oo.com]
> Sent: Wednesday, December 28, 2005 4:18 PM
> To: bugtraq@...urityfocus.com
> Subject: WMF Exploit
> 
> 
> Another quick observation, again, I apologize if
> this information has
> already been posted; I haven't been able to read all
> the posts today.
> The thumbnail view in Windows Explorer will parse
> the graphics files in
> a folder, even if the file is never explicitly
> opened. This is enough to
> trigger the exploit. Even more frightening is that
> you don't have to use
> the thumbnail view for a thumbnail to be generated.
> Under some
> circumstances, just single-clicking on the file will
> cause it to be
> parsed.
> 
> David Byrne
> 



	
		
__________________________________ 
Yahoo! for Good - Make a difference this year. 
http://brand.yahoo.com/cybergivingweek2005/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ