|
-
December 28th, 2005, 07:33 PM
#1
** HEADS UP ** IE vulnerability. EXTREMELY CRITICAL.
Greeting's
Here we go again  .
http://www.frsirt.com/english/advisories/2005/3086
A vulnerability has been identified in Microsoft Windows, which could be exploited by remote attackers to execute arbitrary commands. This flaw is due to an error in the rendering of Windows Metafile (WMF) image formats, which could be exploited by attackers to remotely take complete control of an affected system by convincing a user to open a malicious WMF file using a vulnerable application that renders WMF images (e.g. Windows Picture and Fax Viewer), or visit a specially crafted Web page that is designed to automatically exploit this vulnerability through Internet Explorer.
This unpatched vulnerability is currently being exploited in the wild. Other browsers are also vulnerable if a user chooses to manually download and view a malicious WMF file.
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
http://secunia.com/advisories/18255/
Exploit code is publicly available. This is being exploited in the wild
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD* 
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote