Microsoft issued a new security advisory yesterday. Yet another WMF vulnerabilitiy.
(91333) Vulnerability in Internet Explorer Could Allow Remote Code Execution
This new advisory only relates to the following two cases :
1) Internet Explorer 5.01 SP4 on Microsoft Windows 2000 SP4
2) Internet Explorer 5.5 SP2 on Microsoft Windows Millennium
Note - This is not the same issue as the one addressed by MS06-001
Secunia Advisories (SA18729) - Highly Critical - System Access
Candidate CVE-2006-0020
It would appear that this might be connected to the flaw pointed out by HD Moore on the FunSec mailing list in Jan.
--------------------------------
More where that came from. The fun thing about these is that they DO apply to Windows 96, 98, 2000-2003, Vista. You can trigger it via RTF, directly inside IE, and anything else that loads metafiles. A fun bug you can find in a certain WMF parsing application...:
uint_size = wmf_header.size * 2;
ptr = malloc(uint_size);
read(fd, ptr, uint_size - sizeof(wmf_header));
:-)
-HD
---------------------------------
Upgrading to IE 6 SP1 is the suggested action on Windows 2000 SP4 and Windows ME
No patch for the older IE5. My suggested action would to get off Windows ME as soon as possible. The Win9x kernel is dead as dead...
No comments:
Post a Comment