WMF Vulnerability

Jan 01, 2006 13:04

Reminder: This online diary is friends-only. Please comment if you wish to be added. Naturally, I will only add you if I know and trust you.

THE EXPLOIT

A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error in the handling ...


Comments 10

firethanatos January 1 2006, 21:06:35 UTC
I don't feel like reading through all that, anyone wanna give a summary?

>.>;;;


moogleexe January 1 2006, 21:12:45 UTC
Your big pretty text makes me cry with happiness.

Fire, it's an XP vulnerability, use Firefox, and don't save pictures from non-trusted sources.


laogeodritt January 2 2006, 01:01:20 UTC
THE EXPLOIT: Explanation of the exploit. In short, somebody found how to cause the Windows graphical engine to run arbitrary code. The exploit appears to be found in an obsolete command used to run code not available in the GDI natively. It's available in Windows XP for compatibility purposes.

THE WORKAROUND: Basically a suggestion of what to do to prevent or mitigate this exploit as best as possible.

Naturally, not downloading image files (including WMF) from untrusted sources (opening a folder in Windows Explorer containing one can trigger the exploit), and using something other than IE which is greatly rooted into Windows and therefore is a possible attack vector by online media.

THE DETECTION: Basically a list of antivirus programs, and whether or not they can detect some or many files containing this exploit. Half is from the Microsoft website, the other is from my own research (also posted on the Talesforums) of the status of antivirus programs concerning this exploit.

Good enough, Grace? =P


firethanatos January 2 2006, 01:04:32 UTC
...Somehow I preferred Moog's explanation. *nods*



noctem January 1 2006, 21:57:33 UTC
*didn't understand any of that*

*reads Moog's easier summary instead* >_>;;

By the way, your first paragraph still says 'Xanga', maybe an edit is in order?


laogeodritt January 2 2006, 00:02:11 UTC
Oh, good idea. ~.~ I use both Xanga and LJ, so sometimes I tend to do that. P'raps I should just use the general terms "online journal" or "online diary".



laogeodritt January 2 2006, 00:07:51 UTC
IMO, the safest is to just disable shig-whatever.dll as seen in "THE WORKAROUND". And enable hardware DEP for all programs if your proc supports it. Of course, you'll lose image previews. Up to the user to weigh the risks to the convenience.


