WMF day-0 exploit
There is a security vulnerability in Windows' support for WMF (an old vector file format).
This is peculiar because:
- It’s not protected by DEP by default
- Even when it is, DEP may fail to protect the system
- It may be used to infect any 32-bit Windows as well as x64 and Itanium versions
- It will infect users of Firefox, Opera and other alternative browsers and/or mail clients
- If you have a local indexing service, it may even infect systems using text-only browsers or other get utilities
- Visiting a malicious link, downloading a file without even opening its folder, even letting some antivirus programs scan your email can lead to infection
You can read more about it in these places:
http://isc.sans.org/diary.php?storyid=975
http://www.f-secure.com/weblog/archives/archive-122005.html#00000753
http://www.microsoft.com/technet/security/advisory/912840.mspx
http://sunbeltblog.blogspot.com/2005/12/workaround-for-wmf-exploit.html
Update:
Here are some attack scenarios not included in the posts I read about the problem:
- Malicious user copying infected files on a network share on a computer using an indexing service (it could be your file server if for whatever reason you have an indexing service running on it)
- Malicious user copying infected files on a network share on a computer which for whatever reason reads an image from the disk on an overwritable location
- Internal malicious attacks on intranets
- Very easy trap with instant messaging and P2P applications (since with indexing applications, just having the file on disk might be enough to get infected)
- Malicious user overwriting the setup image of any software install disk shared on a network share
- Forums and other “upload your photo” websites. I can’t wait to hear the first user on any forum complaining about the avatar of user X being a malicious WMF renamed as PNG. Maybe we will not hear him, because every time he enters the forum to complain he has to reinstall Windows.
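
For the “upload your photo” scenario, a site can refuse such files by looking at the content instead of the file name, since a WMF renamed as PNG still starts with a WMF header. The following is an added example, not code from the original post; the allow-list, function names and sample bytes are assumptions constructed for illustration.

```python
import struct

# Leading bytes of the formats a hypothetical avatar upload form accepts.
ALLOWED = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
# Key 0x9AC6CDD7 of the optional "placeable" WMF header, little-endian.
PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"

def looks_like_wmf(data: bytes) -> bool:
    """True if data starts with a placeable or a standard WMF header."""
    if data.startswith(PLACEABLE_KEY):
        return True
    if len(data) < 18:          # a standard WMF header is 18 bytes
        return False
    # Type (1 = memory, 2 = disk), header size in 16-bit words (9), version.
    mtype, words, version = struct.unpack_from("<HHH", data)
    return mtype in (1, 2) and words == 9 and version in (0x0100, 0x0300)

def check_upload(filename: str, data: bytes) -> tuple[str, str]:
    """Decide on content first, file name second."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if looks_like_wmf(data):
        return ("reject", "wmf-content")
    if ext not in ALLOWED:
        return ("reject", "extension-not-allowed")
    if not data.startswith(ALLOWED[ext]):
        return ("reject", "content-mismatch")
    return ("accept", ext)

# Constructed samples: headers only, no drawing records.
SAMPLE_WMF = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9, 0, 0, 0)
SAMPLE_PLACEABLE = PLACEABLE_KEY + bytes(18) + SAMPLE_WMF
SAMPLE_PNG = ALLOWED["png"] + bytes(16)

if __name__ == "__main__":
    for name, blob in [("avatar.png", SAMPLE_WMF), ("photo.png", SAMPLE_PLACEABLE),
                       ("real.png", SAMPLE_PNG), ("pic.gif", SAMPLE_PNG)]:
        print(name, check_upload(name, blob))
```

A header check like this only filters uploads at the server; it does not replace patching or the workarounds linked above on the machines that render the files.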
December 29, 2005 | Filed Under Security