WMF day-0 exploit

There is a security breach in the WMF (an old vectorial file format) support of Windows.
This is peculiar because :

• It’s not protected by DEP by default
• Even when it is, DEP may fail to protect the system
• It may be used to infect any 32bit Windows as well as x64 an Itanium versions
• It will infect users of Firefox, Opera and other alternative browsers and/or mail clients
• If you have a local indexing service it may even infect systems using text only browsers or other get utilities
• Visiting a malicious link, downloading a file without even opening its folder, even letting some antivirus programs scan your email can lead to infection

You can read more about it in these places :

http://isc.sans.org/diary.php?storyid=975
http://www.f-secure.com/weblog/archives/archive-122005.html#00000753
http://www.microsoft.com/technet/security/advisory/912840.mspx
http://sunbeltblog.blogspot.com/2005/12/workaround-for-wmf-exploit.html

Update:
Here are some attacking scenarios not included in the posts I read about the problem :

• Malicious user copying infected files on a network share on a computer using an indexing service (it could be your file server if for whatever reason you have an indexing service running on it
• Malicious user copying infected files on a network share on a computer which for whatever reason reads an image from the disk on an overwritable location
• Internal malicious attacks on intranets
• Very easy trap with instant messaging and P2P applications (since with indexing apps it might kill on just having the file..)
• Malicious user overwriting the setup image of any software install disk shared on a network share
• Forums and other “upload your photo” websites. I can’t wait to hear the first user on any forum complaining about the avatar of user X being a malicious wmf renamed as png. Maybe we will not hear him because everytime he enters the forum to complain he has to reinstall Windows

Inactivity

The blog activity was and is suspended in this period.
Sorry but I’m really tired AND I’ve had some problems with my computer at home, so I was unable to test DevIL.NET with VS2005 and to post new interesting articles..

Happy new year to all of you.

• Recently Written

  • Easy Setup of Remote Debugging
  • Top 10 music for programming
  • A smarter but not smartest greedy algorithm for hotel bookings
  • Machines with the same SID are not a problem
  • AeroCycle applet
  • Porting .NET app to Vista.. DEP strikes!
  • TargetInvocationException in asynchronous web service call
  • New gmail iGoogle gadget bugged!
  • OpenSUSE 11.0 - Nurnberg down.
  • Repair broken xfce after theme selection

• Categories

  • Funny (maybe)
  • Gaming
  • Geeky side of life
  • Linux
  • Programming
    • .NET
    • C++
    • Code Snippets
    • Win32
    • x86/64 (amd64) specific
    • x86/ia32 specific
  • Rants
  • Security
  • Software releases
  • Sport Events
  • Uncategorized
  • Usability

• Archives

  • February 2010
  • November 2009
  • December 2008
  • November 2008
  • October 2008
  • September 2008
  • July 2008
  • June 2008
  • April 2008
  • March 2008
  • January 2008
  • December 2007
  • November 2007
  • August 2007
  • March 2007
  • February 2007
  • November 2006
  • October 2006
  • September 2006
  • August 2006
  • July 2006
  • May 2006
  • March 2006
  • February 2006
  • January 2006
  • December 2005
  • November 2005
  • October 2005
  • September 2005
  • August 2005
  • July 2005
  • June 2005
  • May 2005

• Admin

  • Login
  • WordPress
  • XHTML

• 
  

• About

  A blog about whatever gets on my computer or any other programmable device I own. From Linux to .NET.

• Social Networking


www.flickr.com

This is a Flickr badge showing public photos from Marco Mastropaolo. Make your own badge here.

• Blogroll

  • Ale+Ale - … Ale+Ale!
  • Blog di Paolone (it) - (Italian) Il blog di un amico :)
  • Bruce Eckel’s Free Electronic Books - Free Thinking in Java, C++, Patterns books. A must!
  • Code Project - Free code snippets for Windows
  • Dilbert - Where everyday work becomes comics
  • Eriadan (it) - (Italian) IL blog a fumetti
  • Freshmeat - Free (as in freedom) software for *nix systems
  • Full Frontal Nerdity - A comic for nerds and alikes
  • gotAPI - Language manuals and guides
  • IlTucci (it) - Blog di un caro amico!
  • Larry Osterman - Techblog of an experienced Microsoft developer
  • Lightforce Games (Flash&JS)
  • my del.icio.us page - my del.icio.us page
  • Online virus scanning - Online virus scanning
  • Order of the Stick - Best D&D Comic EVER!
  • pinvoke.net - Wiki for P/INVOKE from .NET languages (C#, VB.NET)
  • Programmers Heaven - Free programming resources
  • ScriptSpot (3dsmax) - Free scripts for 3ds max
  • Sourceforge - The biggest free (as in freedom) software library
  • SpamUsement - Great site, where everyday spam becomes funny comics :)
  • Sudoku di Repubblica (it) - Il sudoku di Repubblica! :)
  • Tom’s Bug Blog - Brain teasers for programmers