Jump to content

Windows zero day nightmare exploited.


Recommended Posts

By INQUIRER staff: Wednesday 28 December 2005, 12:11

Aaargh! No fix for Windows XP SP2!

F-SECURE, Bugtraq and a number of other security aware outfits have warned of a zero day vulnerability that's being actively exploited as we write.

Fully patched Windows XP SP2 machines are vulnerable and there's no known fix as yet.

A number of trojans are being distributed using the vulnerability, related to Windows' image rendering.

F-Secure says you can get blatted if you visit a site with an image file containing the exploit. IE users may automatically be infected. Firefox users can get infected if the image file is downloaded. There's more solid advice at F-Secure. We await a patch from Microsoft.

Link to comment
Share on other sites

Solution the easy way: go to the windows file options and remove any program assignment to files with the wmf extention so it won't be opened/executed automatically. You stil can access your normal wmf files by first starting the program you use for it, and then opening the file.

As far as i know, problem solved, or lat least less of a thing to worry about.

Link to comment
Share on other sites

the problem is a dll that stems more or less from the original 3.x since the inception of the .wmf format it has remained unchanged. the proliferation of this file format and handling of the same all through the os is probably what makes eradication of the bug so difficult.

one of the dangers is that removing just wmf extensions from the recognized file formats is no good. windows will recognize a .wmf named .jpg to be a wmf when it opens it and send it to the picture and fax viewer where exploit code can be run. the problem is a buffer overflow in the header of the wmf that allows a prepped wmf to dump code into the stack.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...