funsec mailing list archives

New Windows bug makes auto-email worms possible (yet again)


From: "Richard M. Smith" <rms () computerbytesman com>
Date: Wed, 13 Aug 2008 11:44:52 -0500

A proper email client shouldn't be displaying EMF image files in the first
place.  JPEGs, GIFs, and PNG files are the Internet standards for image
files.

Richard


http://labs.idefense.com/intelligence/vulnerabilities/

This vulnerability also can be triggered through e-mail. If the e-mail
client can automatically display images embedded in the e-mail, the
user only needs to open the e-mail to trigger the vulnerability.
Currently an EMF file is used as a test attack vector. Outlook and
Outlook Express will automatically display EMF images and trigger the
vulnerability. Lotus Notes and Thunderbird do not display EMF images in
e-mail directly, but the vulnerability still can be triggered when
opening or viewing the EMF attachment.

Remote exploitation of a heap-based buffer overflow vulnerability in
multiple versions of Microsoft Corp.'s Windows operating system allows
an attacker to execute arbitrary code with the privileges of the
current user.

This vulnerability specifically exists in the InternalOpenColorProfile
function in mscms.dll. When a malformed parameter is supplied, a
heap-based buffer overflow can occur, resulting in an exploitable
condition.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
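
Added example, not part of the thread above and not iDefense's or Microsoft's code: a content-based attachment check of the kind a mail gateway could run, following Richard's point that EMF should not reach the mail client at all. It identifies EMF by the EMR_HEADER record and " EMF" signature rather than by extension or Content-Type, and lists records that embed ICM colour profiles (EMR_SETICMPROFILEA and EMR_SETICMPROFILEW, the record types the EMF format defines for that purpose). The advisory does not say which EMF record reaches InternalOpenColorProfile in mscms.dll, so treating the ICM-profile records as the relevant vector is an assumption of this example. The sample EMF bytes and the "profile" payload are constructed inline and are not a real profile or an exploit file; the policy strings are made up for the example.

```python
import struct

# EMF constants (MS-EMF). The SETICMPROFILE record types are the ones the format
# defines for embedding ICM/ICC colour profiles; their role in the mscms.dll bug
# is an assumption of this example, not a statement from the advisory.
EMR_HEADER = 0x00000001
EMR_EOF = 0x0000000E
EMR_SETICMPROFILEA = 0x00000070
EMR_SETICMPROFILEW = 0x00000071
EMF_SIGNATURE = 0x464D4520   # " EMF" as a little-endian DWORD at header offset 40
EMF_HEADER_MIN = 88          # size of the fixed part of EMR_HEADER


def is_emf(data: bytes) -> bool:
    """Identify EMF by content: an EMR_HEADER record carrying the ' EMF' signature."""
    if len(data) < EMF_HEADER_MIN:
        return False
    rec_type, rec_size = struct.unpack_from("<II", data, 0)
    if rec_type != EMR_HEADER or rec_size < EMF_HEADER_MIN or rec_size > len(data):
        return False
    (sig,) = struct.unpack_from("<I", data, 40)
    return sig == EMF_SIGNATURE


def iter_records(data: bytes):
    """Yield (type, size, offset) per record; refuse sizes that run off the buffer."""
    off, n = 0, len(data)
    while off + 8 <= n:
        rec_type, rec_size = struct.unpack_from("<II", data, off)
        if rec_size < 8 or rec_size % 4 or off + rec_size > n:
            raise ValueError(f"bad record size {rec_size} at offset {off}")
        yield rec_type, rec_size, off
        off += rec_size
        if rec_type == EMR_EOF:
            break


def scan_attachment(data: bytes) -> dict:
    """Report whether data is EMF and which records embed ICM profiles.
    An ICM record whose cbName + cbData exceed the record is flagged 'truncated'."""
    report = {"emf": is_emf(data), "icm_records": [], "malformed": False}
    if not report["emf"]:
        return report
    try:
        for rec_type, rec_size, off in iter_records(data):
            if rec_type in (EMR_SETICMPROFILEA, EMR_SETICMPROFILEW):
                if rec_size < 20:
                    raise ValueError(f"ICM record too short at offset {off}")
                _flags, cb_name, cb_data = struct.unpack_from("<III", data, off + 8)
                report["icm_records"].append({
                    "offset": off,
                    "wide": rec_type == EMR_SETICMPROFILEW,
                    "cbData": cb_data,
                    "truncated": 20 + cb_name + cb_data > rec_size,
                })
    except ValueError:
        report["malformed"] = True
    return report


def policy(data: bytes) -> str:
    """Gateway decision based on content only; the decision strings are illustrative."""
    report = scan_attachment(data)
    if not report["emf"]:
        return "allow"
    if report["malformed"] or any(r["truncated"] for r in report["icm_records"]):
        return "block:malformed-emf"
    if report["icm_records"]:
        return "block:emf-with-icm-profile"
    return "block:emf"


def build_sample_emf(profile: bytes, wide: bool = False) -> bytes:
    """Construct a minimal EMF (header, one SETICMPROFILE record, EOF) for testing."""
    name = b"p\x00"
    payload = name + profile
    pad = (-len(payload)) % 4
    icm = struct.pack("<IIIII", EMR_SETICMPROFILEW if wide else EMR_SETICMPROFILEA,
                      20 + len(payload) + pad, 0, len(name), len(profile))
    icm += payload + b"\x00" * pad
    eof = struct.pack("<IIIII", EMR_EOF, 20, 0, 16, 20)
    total = EMF_HEADER_MIN + len(icm) + len(eof)
    hdr = struct.pack("<II", EMR_HEADER, EMF_HEADER_MIN)
    hdr += struct.pack("<4i", 0, 0, 99, 99)                            # Bounds (device units)
    hdr += struct.pack("<4i", 0, 0, 2646, 2646)                        # Frame (0.01 mm units)
    hdr += struct.pack("<IIII", EMF_SIGNATURE, 0x00010000, total, 3)   # signature, version, bytes, records
    hdr += struct.pack("<HH", 1, 0)                                    # handles, reserved
    hdr += struct.pack("<III", 0, 0, 0)                                # nDescription, offDescription, nPalEntries
    hdr += struct.pack("<iiii", 1024, 768, 320, 240)                   # Device (px), Millimeters
    return hdr + icm + eof


SAMPLE_EMF = build_sample_emf(b"ACSP" * 8)          # constructed; not a real ICC profile
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 80   # constructed non-EMF bytes

if __name__ == "__main__":
    for label, blob in (("sample.emf", SAMPLE_EMF), ("photo.jpg (really EMF)", SAMPLE_EMF), ("image.png", SAMPLE_PNG)):
        print(label, "->", policy(blob), scan_attachment(blob)["icm_records"])
```

The filename is deliberately not consulted: the advisory's point is that the client renders EMF on sight, so a gateway has to decide from the bytes. The parser stops at the first record whose declared size runs past the buffer and reports the file as malformed rather than trusting the header's record count, which is the behaviour you want on a path that exists to catch malformed input.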