Page 1 of 1
NEW EXPLOIT
Posted: Thu Dec 29, 2005 7:42 pm
by richardj
Date: 29th December 2005
Issue: SECURITY WARNING!
Dear Richard,
...sorry to interrupt your busy day.
I just wanted to make you aware of a *NEW* security
threat that currently has NO PATCH available...
This is serious so when you have a few moments please
visit this article I have now posted to my website and
discover how you might get infected and how to protect
yourself!!!
Here is the article:
http://www.updatexp.com/wmf-exploit.html
What I did was copy the known sites into my host file with the 127.0.01 in front of each of course.
Archived topic from Iceteks, old topic ID:4058, old post ID:33302
NEW EXPLOIT
Posted: Thu Dec 29, 2005 8:30 pm
by Red Squirrel
Interesting. I'm curious to see if it would work for me, since those embed type plugins NEVER work for me, so I don't even think it would execute. I should add those to my DNS server so they don't resolve.
Archived topic from Iceteks, old topic ID:4058, old post ID:33304
NEW EXPLOIT
Posted: Tue Jan 03, 2006 10:31 pm
by richardj
OK--
Now Microstuff won't release a patch for this untill the 10 th
(PATCH TUESDAY!__WHOOT!)
It's supose to be so dangerous that the web gurus came up with their own patch:
The wmfhotfix.dll is injected into any process loading user32.dll. The DLL then patches (in memory) gdi32.dll's Escape() function so that it ignores any call using the SETABORTPROC (ie. 0x09) parameter. This should allow Windows programs to display WMF files normally while still blocking the exploit.
The version of the patch located HERE has been carefully checked against the source code provided as well as tested against all known versions of the exploit. It should work on WinXP (SP1 and SP2) and Win2K. 
I installed it & nothing blew up yet.
CUS YOU JUST CAN'T WAIT 
Archived topic from Iceteks, old topic ID:4058, old post ID:33386
NEW EXPLOIT
Posted: Thu Jan 05, 2006 9:39 pm
by Chris Vogel
Microsoft have
released a patch.
I’ll probably download this update on the next “Patch Tuesday” and then uninstall the unofficial one. The official patch doesn’t seem to fix anything that the unofficial patch didn’t, so I’m not in a hurry.
Archived topic from Iceteks, old topic ID:4058, old post ID:33421
NEW EXPLOIT
Posted: Thu Jan 05, 2006 9:48 pm
by sintekk
I'm curious to know if there was any valid use for the WMF in Windows 2000 and up, since it seems to be mainly legacy code, apparently. I haven't heard of this thing until the exploit and unofficial patch came out.
Archived topic from Iceteks, old topic ID:4058, old post ID:33422
NEW EXPLOIT
Posted: Thu Jan 05, 2006 11:27 pm
by richardj
Tak wrote: Microsoft have
released a patch.
I’ll probably download this update on the next “Patch Tuesday” and then uninstall the unofficial one. The official patch doesn’t seem to fix anything that the unofficial patch didn’t, so I’m not in a hurry.
LOL
Yeah you beat me to posting -it was just released today.
I downloaded it as I went thru the update site & I didn't bother to uninstall the 'unofficial' one.
So far no problems.
Archived topic from Iceteks, old topic ID:4058, old post ID:33426