Command and Conquer: Renegade Official Forums: General Discussion » Everyone Read

Home » General Discussions » General Discussion » Everyone Read - Windows WMF Vulnerability Patch

Show: Today's Messages :: Polls :: Message Navigator

Everyone Read - Windows WMF Vulnerability Patch [message #184510]

Mon, 02 January 2006 14:25

light
Messages: 988
Registered: January 2005

Karma:

Colonel

Last week a vulnerability was found in all versions of windows that allows people to execute arbitrary code using a buffer over-run in Windows Metafiles.

WMF files are images, so can be placed on any website or email and can be used to attack your system.

Please, everyone read: http://grc.com/sn/notes-020.htm
Use this to see if your system is vulnerable: http://www.hexblog.com/2006/01/wmf_vulnerability_checker.htm l
Use this to 3rd party patch to secure it: http://www.hexblog.com/security/files/wmffix_hexblog13.exe

More technical details can be found here: http://www.f-secure.com/weblog/

EDIT:

Due to over-use, the hexblog website has been suspeneded. New Download links hosted on GRC.com

The Checker: http://www.grc.com/miscfiles/wmf_checker_hexblog.exe
and The Patcher: http://www.grc.com/miscfiles/wmffix_hexblog14.exe

EDIT 2:

A revised list of vulnerable OS's. Bascially the two main ones are XP and Server 2003. http://blog.ziffdavis.com/seltzer/archive/2006/01/03/39684.a spx

F-Secure RSS Feed:

Larry Seltzer from eWeek has been doing lots of additional testing against older versions of Windows and bad WMF files.He has just blogged his interesting findings:...in a practical sense, only Windows XP and Windows Server 2003 (in all their service pack levels) are vulnerable to the WMF flaw.
...all versions of Windows back to 3.0 have the vulnerability in GDI32.

Except for Windows XP and Windows Server 2003, no Windows versions, in their default configuration, have a default association for WMF files, and none of their Paint programs or any other standard programs installed with them can read WMF files...So the vulnerability is there on all platforms but it seems that only Windows XP and 2003 are easily exploitable. Unfortunately this still means that majority of Windows computers out there are vulnerable right now. And at least Windows 2000 becomes vulnerable if you're using many of the available third party image handling programs to open image files. On 03/01/06 At 07:29 AMhttp://www.f-secure.com/weblog/#00000764

http://www.azupload.com/displayImage.php/setid2745.png

[Updated on: Wed, 04 January 2006 02:29]

Report message to a moderator

[Message index]

		Everyone Read - Windows WMF Vulnerability Patch By: light on Mon, 02 January 2006 14:25
		Re: Everyone Read - Windows WMF Vulnerability Patch By: Aprime on Mon, 02 January 2006 14:40
		Re: Everyone Read - Windows WMF Vulnerability Patch By: light on Mon, 02 January 2006 14:47
		Re: Everyone Read - Windows WMF Vulnerability Patch By: idebo on Mon, 02 January 2006 14:54
		Re: Everyone Read - Windows WMF Vulnerability Patch By: icedog90 on Mon, 02 January 2006 15:15
		Re: Everyone Read - Windows WMF Vulnerability Patch By: csskiller on Mon, 02 January 2006 22:09
		Re: Everyone Read - Windows WMF Vulnerability Patch By: Spice on Tue, 03 January 2006 13:10
		Re: Everyone Read - Windows WMF Vulnerability Patch By: Lijitsu on Tue, 03 January 2006 13:23
		Re: Everyone Read - Windows WMF Vulnerability Patch By: Lijitsu on Mon, 02 January 2006 23:11
		Re: Everyone Read - Windows WMF Vulnerability Patch By: xptek on Mon, 02 January 2006 23:13
		Re: Everyone Read - Windows WMF Vulnerability Patch By: Goztow on Tue, 03 January 2006 00:24
		Re: Everyone Read - Windows WMF Vulnerability Patch By: RTsa on Tue, 03 January 2006 06:15
		Re: Everyone Read - Windows WMF Vulnerability Patch By: The Mad Hatter on Tue, 03 January 2006 06:25
		Re: Everyone Read - Windows WMF Vulnerability Patch By: light on Tue, 03 January 2006 16:29
		Re: Everyone Read - Windows WMF Vulnerability Patch By: Xtrm2Matt on Tue, 03 January 2006 12:03
		Re: Everyone Read - Windows WMF Vulnerability Patch By: Spice on Tue, 03 January 2006 15:00
		Re: Everyone Read - Windows WMF Vulnerability Patch By: cmatt42 on Tue, 03 January 2006 17:18
		Re: Everyone Read - Windows WMF Vulnerability Patch By: csskiller on Tue, 03 January 2006 17:42
		Re: Everyone Read - Windows WMF Vulnerability Patch By: light on Tue, 03 January 2006 21:04
		Re: Everyone Read - Windows WMF Vulnerability Patch By: Xtrm2Matt on Thu, 05 January 2006 03:57
		Re: Everyone Read - Windows WMF Vulnerability Patch By: light on Thu, 05 January 2006 19:21
		Re: Everyone Read - Windows WMF Vulnerability Patch By: The Mad Hatter on Thu, 05 January 2006 11:35
		Re: Everyone Read - Windows WMF Vulnerability Patch By: Dave Mason on Thu, 05 January 2006 15:31
		Re: Everyone Read - Windows WMF Vulnerability Patch By: light on Thu, 05 January 2006 18:11
		Re: Everyone Read - Windows WMF Vulnerability Patch By: Dave Mason on Thu, 05 January 2006 19:29
		Re: Everyone Read - Windows WMF Vulnerability Patch By: Renx on Thu, 05 January 2006 20:15
		Re: Everyone Read - Windows WMF Vulnerability Patch By: light on Thu, 05 January 2006 20:30

Previous Topic:	FUDForum upgrade
Next Topic:	OT: Funny commercial

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Tue Sep 03 09:18:48 MST 2024

Total time taken to generate the page: 0.01070 seconds