Warning: Microsoft Windows WMF Handling Arbitrary Code Execution - Exploit In the Wild
Thursday, 29 December 2005 by Michel Roth
A vulnerability has been discovered in Microsoft Windows that can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by an error in the handling of corrupted Windows Metafile (".wmf") files. It can be exploited to execute arbitrary code by tricking a user into opening a malicious ".wmf" file in "Windows Picture and Fax Viewer" or previewing a malicious ".wmf" file in Explorer (i.e. selecting the file). It can also be exploited automatically when a user visits a malicious web site using Microsoft Internet Explorer.

This unpatched vulnerability is currently being exploited in the wild.

A workaround is to not open or preview untrusted ".wmf" files and to set the security level to "High" in Microsoft Internet Explorer.

Read the full advisory here and study the exploit code here.

Updated: Read the Microsoft Advisory here.
