Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Another WMF attack vector? - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Another WMF attack vector?
We had hoped the chapter on WMF exploits had finally been closed, pending the patching of countless millions of vulnerable workstations of course.  However, today we were forwarded a Bugtraq disclosure of two additional functions vulnerable to memory corruption attack within the Microsoft graphics rendering engine.  The flaw reportedly affects the 'ExtCreateRegion' and 'ExtEscape' functions and while there has been no current proof of concept exploit/DoS code publicly released we will be watching this issue closely.

reference: http://www.securityfocus.com/bid/16167  (Sorry, you have to cut/paste).

William

39 Posts

Sign Up for Free or Log In to start participating in the conversation!