Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: WMF Generator SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
WMF Generator

We received notification last night that a working exploit "MS Windows Metafile (WMF) Remote File Download Exploit Generator" has been released to the public.  The code takes advantage of the "Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution", MS# MS06-001.  The exploit code will generate a .wmf that downloads and executes a specified URL.  The sad part to this story is that we have a set of 'plug & play' source code for evil-doers to spread their wares with.  And only 10 days after a patch has been released. 

 Additionally, as noted by reader Juha-Matti Laurio, we can expect to see variants coming very soon.  The group responsible for this release is well-known for this.


150 Posts
ISC Handler
Jan 16th 2006

Sign Up for Free or Log In to start participating in the conversation!