[unisog] 0-day Windows Metafile Defect Being Exploited

Christian Wagner wagnerck at mail.utexas.edu
Thu Dec 29 02:27:22 GMT 2005


Gary Flynn wrote:

> In case you haven't seen it yet....
> 
> <http://www.jmu.edu/computing/security/#wmf>

More details:

http://www.securityfocus.com/bid/16074/info
http://secunia.com/advisories/18255/
http://www.f-secure.com/weblog/archives/archive-122005.html
http://isc.sans.org/diary.php?date=2005-12-28

Status of some common AV software's detections:

http://www.symantec.com/avcenter/venc/data/bloodhound.exploit.56.html
http://vil.mcafeesecurity.com/vil/content/v_137760.htm

This is very ugly. To quote one source:

"The thumbnail view in Windows Explorer will parse the graphics files in a 
folder, even if the file is never explicitly opened. This is enough to trigger 
the exploit. Even more frightening is that you don't have to use the thumbnail 
view for a thumbnail to be generated. Under some circumstances, just 
single-clicking on the file will cause it to be parsed."

-- 
Christian Wagner - Microcomputer Applications Specialist
Department of Germanic Studies - University of Texas at Austin
wagnerck at mail.utexas.edu - (512) 232-6353


More information about the unisog mailing list