Code for what Secunia is deeming an "extremely critical flaw" in Windows Metafile Format (.wmf) files is in the wild and is now being exploited on fully patched systems by malicious attackers.
Vulnerable operating systems include a slew of Windows Server 2003 editions: Datacenter Edition, Enterprise Edition, Standard Edition and Web Edition. Also at risk are Windows XP Home Edition and Windows XP Professional, making both home users and businesses open to attack.
According to the Sunbelt Software blog, "any application that automatically displays a WMF image" can be a vector for infection, including older versions of Firefox, current versions of Opera, Outlook and all current versions of Internet Explorer on all Windows versions.
"This is a zero-day exploit, the kind that give security researchers cold chills," according to Sunbelt's blog. "You can get infected by simply viewing an infected WMF image."
Continued...
http://www.eweek.com/article2/0,1895,1906177,00.aspMore info here:
http://blogs.washingtonpost.com/securityfix/2005/12/exploit_release.htmlhttp://www.informationweek.com/news/showArticle.jhtml?articleID=175700809http://news.com.com/Trojan+delivers+unwanted+gift+to+Windows+PCs/2100-7349_3-6011406.html
Printer-friendly format
Email this thread to a friend
Bookmark this thread
(1000+ posts)
Send PM |
Profile |
Ignore