HTML Exploit for Windows

[HTRegz]

Hey Hey,

I'd have to again say it's nothing...

I just ran it on my machine... fully patched... still nothing... yeah it locks up a bit trying to render the image at that size.. but that's it... the occasional freeze... nothing else..


The browser was locked while trying to display the image.. it is rather large.... It's just running "too" much on your computer at once.. eventually I got tired of waiting, and end tasked IE...

I suppose you could call it a browser DoS but given enough time it'd free itself up again.... it's just a matter of waiting.

Peace,
HT

[HTRegz]

Hey Hey,

I'd have to again say it's nothing...

I just ran it on my machine... fully patched... still nothing... yeah it locks up a bit trying to render the image at that size.. but that's it... the occasional freeze... nothing else..


The browser was locked while trying to display the image.. it is rather large.... It's just running "too" much on your computer at once.. eventually I got tired of waiting, and end tasked IE...

I suppose you could call it a browser DoS but given enough time it'd free itself up again.... it's just a matter of waiting.

Peace,
HT

[the_JinX]

Doesn't crash Konqueror (Slackware GNU/Linux)
Gives a nice huge pixelated image..

Doesn't crash Firefox 1.5 (Slackware GNU/Linux)
Just a huge big white page..

Couldn't test on Windows today... sorry..

[the_JinX]

Doesn't crash Konqueror (Slackware GNU/Linux)
Gives a nice huge pixelated image..

Doesn't crash Firefox 1.5 (Slackware GNU/Linux)
Just a huge big white page..

Couldn't test on Windows today... sorry..

[wildred]

http://www.haloscan.com/comments/ale...4060575607610/ was where the issue was first seen by me

[wildred]

http://www.haloscan.com/comments/ale...4060575607610/ was where the issue was first seen by me

[rapier57]

I would bet this has more to do with the system specific memory, video card/memory and other issues, not MS Windows XP, IE's, or FireFox's specific ability to render the .jpg.

Based on the comments on the link and here, it behaves different for different systems. So, I suspect this is more a hardware weakness, an available memory issue, or some compatibility with other installed software.

Since the issue isn't coming from a testing center or lab, where a controlled analysis is done, it could be anything.

As HT sez, it is nothing.

[rapier57]

I would bet this has more to do with the system specific memory, video card/memory and other issues, not MS Windows XP, IE's, or FireFox's specific ability to render the .jpg.

Based on the comments on the link and here, it behaves different for different systems. So, I suspect this is more a hardware weakness, an available memory issue, or some compatibility with other installed software.

Since the issue isn't coming from a testing center or lab, where a controlled analysis is done, it could be anything.

As HT sez, it is nothing.

[HTRegz]

Hey Hey,

So I was looking at the link wildred posted and I was wondering why I knew the name Alex Eckelberry... and then I saw the top of the page (SunbeltBlog)... So I hit sunbeltblog.blogspot.com and checked it out... there's this post about halfway down the page

Monday, January 09, 2006
Another WMF vulnerability
SecurityFocus has published an advisory on yet another WMF vulnerability.

We have seen no exploits in the wild on this one. We hope not to before Microsoft patches it.

Microsoft Windows WMF graphics rendering engine is affected by multiple memory corruption vulnerabilities. These issues affect the 'ExtCreateRegion' and 'ExtEscape' functions.

These problems present themselves when a user views a malicious WMF formatted file containing specially crafted data.

Reports indicate that these issues lead to a denial of service condition, however, it is conjectured that arbitrary code execution is possible as well. Any code execution that occurs will be with the privileges of the user viewing a malicious image. An attacker may gain SYSTEM privileges if an administrator views the malicious file.


Link here.

Update: This vulnerability is more related to triggering a denial of service attack on a vulnerable system. The exploit code we have observed does not prove that code could be run on a machine (unlike the last WMF exploit), but this type of danger is always an issue with buffer overflows. We will keep this blog updated with the latest relevant news.



Alex Eckelberry
(Thanks Adam)

The posts that wildred is showing are the comments that were left...

Alex's source was http://www.securityfocus.com/bid/16167/discuss

Microsoft Windows Graphics Rendering Engine Multiple Memory Corruption Vulnerabilities

Microsoft Windows WMF graphics rendering engine is affected by multiple memory corruption vulnerabilities. These issues affect the 'ExtCreateRegion' and 'ExtEscape' functions.

These problems present themselves when a user views a malicious WMF formatted file containing specially crafted data.

Reports indicate that these issues lead to a denial of service condition. Earlier conjectures that the issues may result in the execution of arbitrary code appear at this point to be incorrect. Attackers could force a crash or restart of the viewing application.

The person who posted that message obviously had shitty hardware... it locked up their machine so they just killed it and decided it was a Microsoft problem.... It's completely unreleated to Alex's topic...

So in other words it's nothing reported by a nobody..

Peace,
HT

[HTRegz]

Hey Hey,

So I was looking at the link wildred posted and I was wondering why I knew the name Alex Eckelberry... and then I saw the top of the page (SunbeltBlog)... So I hit sunbeltblog.blogspot.com and checked it out... there's this post about halfway down the page

Monday, January 09, 2006
Another WMF vulnerability
SecurityFocus has published an advisory on yet another WMF vulnerability.

We have seen no exploits in the wild on this one. We hope not to before Microsoft patches it.

Microsoft Windows WMF graphics rendering engine is affected by multiple memory corruption vulnerabilities. These issues affect the 'ExtCreateRegion' and 'ExtEscape' functions.

These problems present themselves when a user views a malicious WMF formatted file containing specially crafted data.

Reports indicate that these issues lead to a denial of service condition, however, it is conjectured that arbitrary code execution is possible as well. Any code execution that occurs will be with the privileges of the user viewing a malicious image. An attacker may gain SYSTEM privileges if an administrator views the malicious file.


Link here.

Update: This vulnerability is more related to triggering a denial of service attack on a vulnerable system. The exploit code we have observed does not prove that code could be run on a machine (unlike the last WMF exploit), but this type of danger is always an issue with buffer overflows. We will keep this blog updated with the latest relevant news.



Alex Eckelberry
(Thanks Adam)

The posts that wildred is showing are the comments that were left...

Alex's source was http://www.securityfocus.com/bid/16167/discuss

Microsoft Windows Graphics Rendering Engine Multiple Memory Corruption Vulnerabilities

Microsoft Windows WMF graphics rendering engine is affected by multiple memory corruption vulnerabilities. These issues affect the 'ExtCreateRegion' and 'ExtEscape' functions.

These problems present themselves when a user views a malicious WMF formatted file containing specially crafted data.

Reports indicate that these issues lead to a denial of service condition. Earlier conjectures that the issues may result in the execution of arbitrary code appear at this point to be incorrect. Attackers could force a crash or restart of the viewing application.

The person who posted that message obviously had shitty hardware... it locked up their machine so they just killed it and decided it was a Microsoft problem.... It's completely unreleated to Alex's topic...

So in other words it's nothing reported by a nobody..

Peace,
HT