0 Members and 2 Guests are viewing this topic.
Just days after Microsoft Corp. patched a critical vulnerability in the way the Windows operating system renders certain types of graphics files, a hacker has published details of two new flaws that affect the same part of the operating system. The new vulnerabilities were posted to the Bugtraq security mailing list on Monday by a hacker going by the name of "cocoruder." ( http://msgs.securepoint.com/cgi-bin/get/bugtraq0601/90.html) All three flaws concern the way Windows renders images in the Windows Metafile (WMF) format used by some CAD (computer-aided design) applications, but these latest flaws are far less serious than the vulnerability that Microsoft patched last week, according to security experts. That vulnerability was serious enough to cause Microsoft to take the unusual step of releasing an early patch to the problem, ahead of its monthly security software update. While the patched flaw was being exploited by attackers to take control of Windows machines, the latest vulnerabilities appear to pose the risk of simply crashing the WMF-viewing software, typically Internet Explorer. However, users would first need to trick a victim into viewing a specially crafted WMF image in order for this to happen, security experts say. The vulnerabilities can be found in a number of versions of Windows, including Windows XP, Service Pack 2, Windows Server 2003, Service Pack 1, and Windows 2000, Service Pack 4.
Author
Topic: Patched WMF Exploit Requires Patching ? (Read 950 times)
