XP Victim Of Zero-Day Exploit



John Stith
Staff Writer
2005-12-28


The nightmare of software companies is the zero-day vulnerability, and it's hit Windows. The exploit is tied to Windows' image rendering or, more specifically, the Windows Metafile (WMF) format. The vulnerability is being actively exploited and there is no patch.

Zero-day Breaks Windows

Information about the download started floating around the net on Tuesday afternoon, and a number of security sites have picked up on it. Security Focus posted a bulletin last night around midnight.

According to F-Secure's blog, "the Trojan downloaders, available from unionseek[DOT]com, have been actively exploiting this vulnerability. Right now, fully patched Windows XP SP2 machines are vulnerable with no known patch."

The vulnerability affects a number of Windows operating systems, including Server 2003 Datacenter Edition, 2003 Enterprise Edition, 2003 Standard Edition, 2003 Web Edition, XP Home Edition and XP Professional. The known threats being distributed include Trojan-Downloader.Win32.Agent.abs, Trojan-Dropper.Win32.Small.zp, Trojan.Win32.Small.ga and Trojan.Win32.Small.ev. F-Secure also said some of these install antimalware programs like Avgold.

According to Secunia's website:

The vulnerability is caused due to an error in the handling of corrupted Windows Metafile files (".wmf"). This can be exploited to execute arbitrary code by tricking a user into opening a malicious ".wmf" file in "Windows Picture and Fax Viewer" or previewing a malicious ".wmf" file in explorer (i.e. selecting the file). This can also be exploited automatically when a user visits a malicious web site using Microsoft Internet Explorer.

According to Sunbelt's blog by Alex Eckelberry, this exploit goes further than IE. The affected applications include older versions of Firefox as well as current versions of Opera and Outlook. Eckelberry said on the blog "that any application that automatically displays a WMF image will cause the user's machines to get infected."

Keep in mind that while F-Secure mentioned the one site, there are others because this is a publicly available exploit. It's probably going to generate some nastier stuff too. As Eckelberry put it, "Folks, I've seen it with my own eyes and this is a really bad exploit. Be careful out there."






About the Author:
John is a staff writer for SecurityProNews covering cyber security.
