33 replies to this topic

[AplusWebMaster]

FYI...

MS Windows Metafile (WMF) Remote File Download Exploit Generator
- http://isc.sans.org/...hp?storyid=1047
Last Updated: 2006-01-16 17:14:37 UTC
"We received notification last night that a working exploit "MS Windows Metafile (WMF) Remote File Download Exploit Generator" has been released to the public. The code takes advantage of the "Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution", MS# MS06-001. The exploit code will generate a .wmf that downloads and executes a specified URL. The sad part to this story is that we have a set of 'plug & play' source code for evil-doers to spread their wares with. And only 10 days after a patch has been released... we can expect to see variants coming very soon. The group responsible for this release is well-known for this."

[AplusWebMaster]

FYI...

Exploits from AMD?
- http://www.f-secure....eblog/#00000795
January 30, 2006 - Posted by Mikko @ 16:51 GMT
"We're not sure what's going on in here, but there's something wrong at AMD's user discussion forum, located at forums[dot]amd[dot]com. If you visit the site (and please don't visit it right now), you get a WMF exploit sent to you right from the front page..."

[AplusWebMaster]

More on this:

- http://news.zdnet.co...l?tag=printthis
January 30, 2006
"...The forums were taken offline as soon as AMD learned of the exploit, said Drew Prairie, a spokesman for the Sunnyvale, Calif.-based chipmaker. The forums are maintained by another company that apparently failed to update its software in order to protect against the exploit, he said. Prairie was unaware of the name of the company, which is dealt with by AMD's staff in Europe. The forums were back online late Monday afternoon. A poster started a thread on Saturday warning other forum users about the exploit..."

[AplusWebMaster]

FYI...

WMF Exploits Sold By Russian Hackers
- http://www.techweb.c..._section=700028
February 02, 2006
"The Windows Metafile (WMF) bug that caused users -- and Microsoft -- so much grief in December and January spread like it did because Russian hackers sold an exploit to anyone who had the cash, a security researcher said Friday. The bug in Windows' rendering of WMF images was serious enough that Microsoft issued an out-of-cycle patch for the problem in early January, in part because scores of different exploits lurked on thousands of Web sites, including many compromised legitimate sites. At one point, Microsoft was even accused of purposefully creating the vulnerability as a "back door" into Windows. Alexander Gostev, a senior virus analyst for Moscow-based Kaspersky Labs, recently published research* that claimed the WMF exploits could be traced back to an unnamed person who, around Dec. 1, 2005, found the vulnerability. "It took a few days for exploit-enabling code to be developed," wrote Gostev in the paper published online, but by the middle of the month, that chore was completed. And then exploit went up for sale. "It seems that two or three competing hacker groups from Russia were selling this exploit for $4,000," said Gostev..."
* http://www.viruslist...=178619907#zero