**New Windows exploit using malicious images**

[chaos386]

There's a new exploit going around that allows a malicious user to compromise your computer just by having your browser load an image:

http://www.microsoft.com/technet/security/advisory/912840.mspx

The official fix from MS won't be out until the 10th, so just be careful until then. This definitely affects IE, and it may affect Firefox too (since it's an exploit of the OS, not just the browser).

 

[Viper007Bond]

Yeah, my dad sent me this earlier today. Good times.

 

[jensked]

it was even on the tv-news :?

Anybody tried this?
http://www.windowsonecare.com/

 

[hajj]

My virus scanner recognizes the images so I am not that worried, but why to they take so long to fix it?

 

[jensked]

My virus scanner recognizes the images so I am not that worried, but why to they take so long to fix it?

how do you know?

 

[Lusitano]

Software Security Incident Response Process (SSIRP)

:lol:

Bill is such a funny guy!

 

[hajj]

My virus scanner recognizes the images so I am not that worried, but why to they take so long to fix it?

how do you know?

I found a safe exploit that starts the calculator if you are vulnerable and as soon as the image gets on my pc, the virusscanner recognizes it.
Found it on a German securiety website. Anyone interested?

 

[oliB]

My virus scanner recognizes the images so I am not that worried, but why to they take so long to fix it?

how do you know?

I found a safe exploit that starts the calculator if you are vulnerable and as soon as the image gets on my pc, the virusscanner recognizes it.
Found it on a German securiety website. Anyone interested?

 

[bihus]

My virus scanner recognizes the images so I am not that worried, but why to they take so long to fix it?

how do you know?

I found a safe exploit that starts the calculator if you are vulnerable and as soon as the image gets on my pc, the virusscanner recognizes it.
Found it on a German securiety website. Anyone interested?

 

[jensked]

No we're not interested, we'd rather have our hard drives erased.

Of course we're interested, share share share !

 

[swek]

Click here if you want to check your system: http://www.heise.de/security/dienste/browsercheck/demos/ie/wmfexp2.php

3rd party hotfix if you want to take the risk (Some known incompatibilities with network and print equipment). http://216.227.222.95/

 

[jensked]

^ Norton intervenes when i click on that link...i suppose that's good?

 

[jayjaya29]

Yep AntiVir blocks something when I click the link as well. I suppose I'm protected.

 

[hajj]

Click here if you want to check your system: http://www.heise.de/security/dienste/browsercheck/demos/ie/wmfexp2.php

3rd party hotfix if you want to take the risk (Some known incompatibilities with network and print equipment). http://216.227.222.95/

Yeah that's the one...sorry just got back home...

 

[BerserkerCatSplat]

Click here if you want to check your system: http://www.heise.de/security/dienste/browsercheck/demos/ie/wmfexp2.php

AV programs will block that specific file, not the security vulerability. That file should not be used to test if your system is secure, because a real exploiting file will saunter right past AV software.

All one has to do is modify the payload to, say, install something that steals all your passwords and change the fields in the wmf header to something random/generic and it'll be totally blind to it.

 

[chaos386]

Click here if you want to check your system: http://www.heise.de/security/dienste/browsercheck/demos/ie/wmfexp2.php

3rd party hotfix if you want to take the risk (Some known incompatibilities with network and print equipment). http://216.227.222.95/

When I try to open that file, Data Execution Prevention closes it! I my Athlon 64!!!

 

[oliB]

Click here if you want to check your system: http://www.heise.de/security/dienste/browsercheck/demos/ie/wmfexp2.php

3rd party hotfix if you want to take the risk (Some known incompatibilities with network and print equipment). http://216.227.222.95/

When I try to open that file, Data Execution Prevention closes it! I my Athlon 64!!!

When I do it, the calculator starts! Crap, I thought Trend Micro Pc-Cillin was supposed to be the best Anti-Vir prog around?

EDIT: I'm currently using PC-Cillin 2005, looks like I can't update it anymore since the 2006 version was released. I might have to acquire the new version.

 

[fbc]

When I do it, the calculator starts! Crap, I thought Trend Micro Pc-Cillin was supposed to be the best Anti-Vir prog around?

Me too AVG isn't blocking it

 

[hajj]

Click here if you want to check your system: http://www.heise.de/security/dienste/browsercheck/demos/ie/wmfexp2.php

AV programs will block that specific file, not the security vulerability. That file should not be used to test if your system is secure, because a real exploiting file will saunter right past AV software.

All one has to do is modify the payload to, say, install something that steals all your passwords and change the fields in the wmf header to something random/generic and it'll be totally blind to it.

Yes true a little variation makes a big difference. i hope the fix will really come on monday.

 

[chaos386]

I'd just like to let everyone know that if you have an Athlon 64 and installed SP2 for Windows XP, you can enable Data Execution Prevention, which protects you from this exploit (apparantly) and from other buffer overrun exploits.