Threat Level: green Handler on Duty: Yee Ching Tok

SANS ISC: Another WMF attack vector? SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Another WMF attack vector?
We had hoped the chapter on WMF exploits had finally been closed, pending the patching of countless millions of vulnerable workstations of course.  However, today we were forwarded a Bugtraq disclosure of two additional functions vulnerable to memory corruption attack within the Microsoft graphics rendering engine.  The flaw reportedly affects the 'ExtCreateRegion' and 'ExtEscape' functions and while there has been no current proof of concept exploit/DoS code publicly released we will be watching this issue closely.

reference:  (Sorry, you have to cut/paste).


39 Posts
Jan 9th 2006

Sign Up for Free or Log In to start participating in the conversation!