A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error in the handling of corrupted Windows Metafile files (".wmf"). This can be exploited to execute arbitrary code by tricking a user into opening a malicious ".wmf" file in "Windows Picture and Fax Viewer" or previewing a malicious ".wmf" file in explorer (i.e. selecting the file). This can also be exploited automatically when a user visits a malicious web site using older versions of Firefox, current versions of Opera, Outlook and all current version of Internet Explorer on all versions of Windows.
Secunia has classified the vulnerability as "Extremely Critical". It is currently unpatched and being exploited in the wild to spread spyware and viruses.
HD Moore has included this new exploit in his Metasploit Framework. The exploit was discovered by "noemaipls" and released onto the Bugtraq Security Mailing List.
Sunbelt Software, makers of CounterSpy, has reported via the FD Security Mailing List seeing this exploited on multiple sites and increasing in use. They also provided several live links to the exploit.
UPDATE (12/28/05) -
Here is the Exploit on the French Security Incident Response Team (FrSIRT) website, a known exploit release site.
Here is a demo video of the exploit from Websense Security Labs.
UPDATE (12/29/05) -
Microsoft has released a Security Advisory titled "Vulnerability in Graphic Rendering Engine Could Allow Remote Code Execution".
All versions of Microsoft Windows are open to this attack. But several special features in Windows 2003 SP1 can mitigate the attack when the vector is e-mail.
CERT Vulnerability Note VU#181038
It has also been reported that Google Desktop may be another potential attack vector and that various anti-virus software products cannot detect all known variants of exploits for this vulnerability.
IMPORTANT NOTE - We must also remember that WMF files can pretend to be other image files (JPEG, GIF, TIF, etc). Just because the file is named .gif, doesn't mean it really is. Windows will read the inside the file, see that it is a WMF and run as normal.
SunBelt has released a
No comments:
Post a Comment