funsec mailing list archives
New Windows bug makes auto-email worms possible (yet again)
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Wed, 13 Aug 2008 11:44:52 -0500
A proper email client shouldn't be displaying EMF image files in the first place. JPEGs, GIFs, and PNG files are the Internet standards for image files.

Richard

http://labs.idefense.com/intelligence/vulnerabilities/

This vulnerability also can be triggered through e-mail. If the e-mail client can automatically display images embedded in the e-mail, the user only needs to open the e-mail to trigger the vulnerability. Currently an EMF file is used as test attack vector. Outlook and Outlook Express will automatically display EMF image and trigger the vulnerability. Lotus Notes and Thunderbird do not display EMF images in e-mail directly, but the vulnerability still can be triggered when opening or viewing the EMF attachment.

Remote exploitation of a heap-based buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows operating system allows an attacker to execute arbitrary code with the privileges of the current user. This vulnerability specifically exists in the InternalOpenColorProfile function in mscms.dll. When a malformed parameter is supplied, a heap-based buffer overflow can occur, resulting in an exploitable condition.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
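
Added example, not part of the original post or the quoted advisory: a mail-filter check that decides by content, not by the declared MIME type, whether an image part is one of the three formats the post names (JPEG, GIF, PNG) and blocks anything else, including EMF. The function names, verdict strings and sample message are assumptions made for illustration.

```python
import struct
from email import message_from_bytes
from email.message import EmailMessage

# Magic bytes for the three formats the post names as acceptable.
ALLOWED = {
    "jpeg": lambda b: b[:3] == b"\xff\xd8\xff",
    "gif": lambda b: b[:6] in (b"GIF87a", b"GIF89a"),
    "png": lambda b: b[:8] == b"\x89PNG\r\n\x1a\n",
}

def is_emf(data: bytes) -> bool:
    # EMF begins with an EMR_HEADER record (type 1) and carries the
    # signature 0x464D4520 (" EMF" on disk) at byte offset 40.
    return (len(data) >= 44
            and struct.unpack_from("<I", data, 0)[0] == 1
            and data[40:44] == b" EMF")

def sniff(data: bytes) -> str:
    for name, matches in ALLOWED.items():
        if matches(data):
            return name
    return "emf" if is_emf(data) else "unknown"

def review_message(raw: bytes):
    """Return (filename, declared type, sniffed kind, verdict) per image part."""
    results = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        kind = sniff(data)
        if part.get_content_maintype() != "image" and kind == "unknown":
            continue  # not an image by label or by content
        verdict = "render" if kind in ALLOWED else "block"
        results.append((part.get_filename(), part.get_content_type(), kind, verdict))
    return results

def build_sample() -> bytes:
    # Constructed test message: one PNG signature, and one EMF header
    # (not a complete image) mislabelled as image/jpeg.
    msg = EmailMessage()
    msg.set_content("see images")
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    emf = struct.pack("<II", 1, 88) + b"\x00" * 32 + b" EMF" + b"\x00" * 44
    msg.add_attachment(png, maintype="image", subtype="png", filename="ok.png")
    msg.add_attachment(emf, maintype="image", subtype="jpeg", filename="logo.jpg")
    return msg.as_bytes()
```

Running review_message(build_sample()) marks ok.png as "render" and the mislabelled logo.jpg as "block", since its bytes carry the EMF header rather than a JPEG signature.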
Current thread:
- New Windows bug makes auto-email worms possible (yet again) Richard M. Smith (Aug 13)
- Re: New Windows bug makes auto-email worms possible (yet again) Bryon Roche (Aug 13)
- Re: New Windows bug makes auto-email worms possible (yet again) Richard M. Smith (Aug 13)
- Re: New Windows bug makes auto-email worms possible (yet again) Bryon Roche (Aug 13)