Threat Level: green Handler on Duty: Tom Webb

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Another WMF attack vector?

Published: 2006-01-09
Last Updated: 2006-01-09 22:02:13 UTC
by William Salusky (Version: 2)
0 comment(s)
We had hoped the chapter on WMF exploits had finally been closed, pending the patching of countless millions of vulnerable workstations of course.  However, today we were forwarded a Bugtraq disclosure of two additional functions vulnerable to memory corruption attack within the Microsoft graphics rendering engine.  The flaw reportedly affects the 'ExtCreateRegion' and 'ExtEscape' functions and while there has been no current proof of concept exploit/DoS code publicly released we will be watching this issue closely.

reference: http://www.securityfocus.com/bid/16167  (Sorry, you have to cut/paste).

So, is there a new WMF remote code execution threat here?
Microsoft representative response:
"The short answer is no. These are not exploitable bugs (DoS only)"

The SANS handlers have been notified that a Microsoft official response to Today's Bugtraw disclosure will be posted shortly at:
http://blogs.technet.com/msrc/

<resume handler musings> However, Infosec history teaches us that where there is DoS(PoC), there very likely is remote code execution.  I myself will wait for smarter folks than myself to prove the statement.
Keywords:
0 comment(s)
Diary Archives