Thread-topic: [SA18255] Microsoft Windows WMF Handling Arbitrary Code Execution
>
>
> TITLE:
> Microsoft Windows WMF Handling Arbitrary Code Execution
>
> SECUNIA ADVISORY ID:
> SA18255
>
> VERIFY ADVISORY:
>
>
> CRITICAL:
> Extremely critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> OPERATING SYSTEM:
> Microsoft Windows Server 2003 Datacenter Edition
>
> Microsoft Windows Server 2003 Enterprise Edition
>
> Microsoft Windows Server 2003 Standard Edition
>
> Microsoft Windows Server 2003 Web Edition
>
> Microsoft Windows XP Home Edition
>
> Microsoft Windows XP Professional
>
>
> DESCRIPTION:
> A vulnerability has been discovered in Microsoft Windows, which can
> be exploited by malicious people to compromise a vulnerable system.
>
> The vulnerability is caused due to an error in the handling of
> corrupted Windows Metafile files (".wmf"). This can be exploited to
> execute arbitrary code by tricking a user into opening a malicious
> ".wmf" file in "Windows Picture and Fax Viewer" or previewing a
> malicious ".wmf" file in explorer (i.e. selecting the file). This can
> also be exploited automatically when a user visits a malicious web
> site using Microsoft Internet Explorer.
>
> NOTE: Exploit code is publicly available. This is being exploited in
> the wild.
>
> The vulnerability has been confirmed on a fully patched system
> running Microsoft Windows XP SP2. Microsoft Windows XP SP1 and
> Microsoft Windows Server 2003 SP0 / SP1 are reportedly also affected.
> Other platforms may also be affected.
>
> SOLUTION:
> Do not open or preview untrusted ".wmf" files and set security level
> to "High" in Microsoft Internet Explorer.
>
> PROVIDED AND/OR DISCOVERED BY:
> First reported in the wild by "noemailpls".
>
> Exploit code and additional information provided by H D Moore.
>
> ----------------------------------------------------------------------
