Tuesday, January 10, 2006

WMF exploits - Two new areas of vulnerability?

There may be two new areas of attack for malformed WMF files, which
may not be covered by MS06-001. So far, no exploits in the wild have
been reported, and I am watching this new potential exposure.

Microsoft Windows Graphics Rendering Engine Multiple Memory Corruption
Vulnerabilities
http://www.incidents.org/diary.php?storyid=1031
http://www.securityfocus.com/bid/16167/info

QUOTE: Microsoft Windows WMF graphics rendering engine is affected by
multiple memory corruption vulnerabilities. These issues affect the
'ExtCreateRegion' and 'ExtEscape' functions. These problems present
themselves when a user views a malicious WMF formatted file containing
specially crafted data. Reports indicate that these issues lead to a
denial of service condition, however, it is conjectured that arbitrary
code execution is possible as well. Any code execution that occurs
will be with the privileges of the user viewing a malicious image. An
attacker may gain SYSTEM privileges if an administrator views the
malicious file.

But let us stay calm, as it is not yet 100% sure that we will have a new problem.
The time was too short for me to look into this very closely.

Microsoft's official response to today's Bugtraq disclosure will be posted shortly at: http://blogs.technet.com/msrc/