[Dshield] (no subject)

Jarrod Frates jfrates.ml at gmail.com
Tue Jan 10 16:03:07 GMT 2006

The POC has already been released, though as of right now, I don't see
mention of it on the ISC site.  The two files are 68B in size.  In my
testing, one crashed Explorer and forced a restart, and the other crashed
Explorer, but it wouldn't completely die until I restarted the system.  I
haven't yet had time to look deeply into them, but it has at least a strong
potential for annoyance right now.


On 1/9/06, Hernandez, Moses <MHernandez3 at mercymiami.org> wrote:
> Anyone worried by this? After my experience reverse engineering and
> repairing a machine with really bad spyware caused by WMF (story on my blog
> soon: mhernandez.blogspot.com) I am really worried.
> ---snip---
> Published: 2006-01-09,
> Last Updated: 2006-01-09 18:27:08 UTC by William Salusky (Version: 1)
> We had hoped the chapter on WMF exploits had finally been closed, pending
> the patching of countless millions of vulnerable workstations of
> course.  However, today we were forwarded a Bugtraq disclosure of two
> additional functions vulnerable to memory corruption attack within the
> Microsoft graphics rendering engine.  The flaw reportedly affects the
> 'ExtCreateRegion' and 'ExtEscape' functions and while there has been no
> current proof of concept exploit/DoS code publicly released we will be
> watching this issue closely.
> reference: http://www.securityfocus.com/bid/16167  (Sorry, you have to
> cut/paste).
> http://isc.sans.org/diary.php?storyid=1031
> **********************************************************************************************
> IMPORTANT: The contents of this email and any attachments are
> confidential. They are intended for the
> named recipient(s) only.
> If you have received this email in error, please notify the system manager
> or the sender immediately and do
> not disclose the contents to anyone or make copies thereof.
> *** Mercy Hospital has scanned this email for viruses, vandals, and
> malicious content. ***
> **********************************************************************************************
> _________________________________________
> Learn about Intrusion Detection in Depth from the comfort of your own
> couch:
> https://www.sans.org/athome/details.php?id=1341&d=1
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list

More information about the list mailing list