myITforum.com
Welcome to myITforum.com Sign in | Join | Help
in Search
Site Home Home Bloggers List Blogs Photos Downloads

Harry Waldron - My IT Forums Blog

Sharing Security Developments, and Best Practices for corporate and home users

New WMF Exploit version emerges - ISC returns to Yellow alert

There is a "new and improved" edition of the WMF exploit that does not use a WMF extension.  It also varies in size randomly to better evade AV detection.  A code Yellow alert has been issued by the Internet Storm Center.  There is little or no AV protection available, so extra caution should be used.

New exploit released for the WMF vulnerability - YELLOW
http://isc.sans.org/diary.php?storyid=992 

A copy of the actual exploit can be found at FrSIRT for anyone wanting to review the code, but please use caution.  The exploit generates files with the following characteristics:

* with a random size;
* no .wmf extension, (.jpg), but could be any other image extension actually;
* a random piece of junk in front of the bad call; carefully crafted to be larger than the MTU on an ethernet network;
* a number of possible calls to run the exploit are listed in the source;
* a random trailer

Published Dec 31 2005, 06:11 PM by hwaldron

Comments

No Comments

This Blog

Syndication
Copyright - www.myITforum.com, Inc. - 2007 All Rights reserved.
Powered by Community Server (Commercial Edition), by Telligent Systems