WMF Exploit
Kevin Spicer
kevins at BMRB.CO.UK
Mon Jan 2 19:01:55 GMT 2006
On Fri, 2005-12-30 at 10:06 +0000, Randal, Phil wrote:
> My head hurts after reading this :-)
>
> http://www.skynet.ie/~caolan/publink/libwmf/libwmf/doc/ora-wmf.html
>
Damn, so my 'file' rule only matches one type of wmf file and not the
one used in the public exploit. Thats unfortunate to say the least. It
also seems from SANS that there is a new harder to detect version of the
exploit about http://isc.sans.org/diary.php?date=2006-01-01
Not looking forward to tomorrow when everyone goes back to work...
=================================================================
BMRB wins two BMRA awards - http://www.bmrb.co.uk
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB Limited accepts no liability
in relation to any personal emails, or content of any email which
does not directly relate to our business.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list