Subscribe:

Blog:
Videos:
Podcast:


PaulDotCom EspaƱol


Hack Naked TV


Hack Naked At Night


Stogie Geeks


Training:


Offensive Countermeasures: Defensive Techniques That Actually Work:


SANSFIRE 2012 (July 7-8)


Blackhat 2012 (July 21-22 & 23-24)


Sponsored By:


www.coresecurity.com


www.tenablesecurity.com



Follow Us On:


twitter.com/pauldotcom

PaulDotCom YouTube Channel


Visit PaulDotCom Insider


WMF Reloaded

By
Paul Asadoorian
on January 9, 2006 5:27 PM |
Microsoft Windows WMF graphics rendering engine is affected by multiple memory corruption vulnerabilities. These issues affect the 'ExtCreateRegion' and 'ExtEscape' functions.These problems present themselves when a user views a malicious WMF formatted file containing specially crafted data. Reports indicate that these issues lead to a denial of service condition, however, it is conjectured that arbitrary code execution is possible as well.

Well, it is quite possible that we could see yet another rash of WMF exploitation. I believe that it is going to take time before we fully understand all of the different attack vectors and how to defend against them. Then of course there is the whole Win 9x/ME problem, which doesn't seem to be a problem, yet...


SecurityFocus BID
Bugtraq Posting
ISC Posting

.com

Categories: