Another new WMF exploit



December 31st, 2005

It's been a busy few days and there's little sign of things easing off.  Now SANS is reporting a new [tag]WMF[/tag] vulnerability:

The source code claims to be made by the folks at metasploit and xforce, together with a anonymous source.
 
The exploit generates files:

  • with a random size;
  • no .wmf extension, (.jpg), but could be any other image extension actually;
  • a random piece of junk in front of the bad call; carefully crafted to be larger than the MTU on an ethernet network;
  • a number of possible calls to run the exploit are listed in the source;
  • a random trailer

This is a pretty serious vulnerability and as yet there is not detection routine for antivirus products.  The folks at SANS also think that this one is going to be difficult to create detection signatures for because fo the structure of WMF files.

This again rasies the Internet Storm Center threat level to yellow again.

More information on Security Fix

This entry was posted on Saturday, December 31st, 2005 at 21:57 and is filed under In the News, Stay Secure. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.