http://www.frsirt.com/exploits/20051...etafile.pm.php
http://www.frsirt.com/exploits/20060...mpareto.pm.php
Risk of Windows WMF attacks jumps 'significantly,' security firm warns
'WMF exploitation has started to take off in the wild,' says an iDefense official
News Story by Sharon Machlis
JANUARY 01, 2006 (COMPUTERWORLD) - Attempts to exploit a flaw in Windows WMF files have "become increasingly serious over the past two days" with "significant developments ... in the past few hours," according to a New Year's Day alert issued by iDefense Inc.
"Risk has gone up significantly in the past 24 hours for any network still not protected against the WMF exploit," it said.
Attacks are carried out through a vulnerability in the way Windows XP and Windows Server 2003 handle corrupted Windows Metafile graphic files (see "Malicious hackers exploit zero-day Windows flaw"). So far, it appears that Windows Data Execution Prevention software or disabling Windows' shimgvw.dll file will block WMF attacks, according to iDefense.
The HappyNY.A attack has been using an e-mail with the subject "happy new year" and includes the attached file HappyNewYear.jpg. That file, actually a hostile WMF file, installs the Bifrose backdoor Trojan in the victim's system when the file executes.
Websense Security Labs says it is tracking "several dozen" Web sites seeking to use the WMF vulnerability. More information is available on the Websense blog at www.websensesecuritylabs.com/blog.
"WMF exploitation has started to take off in the wild," iDefense spokesman Ken Dunham said in an e-mail statement. "Dozens if not hundreds of WMF exploiting sites are likely to be reported in the coming days and weeks.
"A new, upgraded WMF exploit was posted to the public today and is highly functional," Dunham added.
For more on this, see "How to protect against Windows WMF attacks".




