NetDefend IPS
IPS Advisories
NetDefend
Anti-Virus
Anti-Virus Advisories
NetDefend Web Content Filtering
NetDefend Update Center
IPS History
Sep 15, 2017
Sep 08, 2017
Jul 21, 2017
Jul 14, 2017
Jun 16, 2017
Anti-Virus History
Sep 21, 2017
Sep 19, 2017
Sep 18, 2017
Sep 17, 2017
Sep 15, 2017







Home > NetDefend Live > NetDefend IPS Service
NetDefend IPS Service
Print
Advisory ID
7244
Name
WMF Escape
IPS Signature
Maintenance IPS Signature
IPS Group
FROM / EXT / EXPLOIT
Issued
Dec 30, 2005
Description
The vulnerability is caused due to an error in the handling of Windows Metafile files (".wmf") containing specially crafted SETABORTPROC "Escape" records. Such records allow arbitrary user-defined function to be executed when the rendering of a WMF file fails. This can be exploited to execute arbitrary code by tricking a user into opening a malicious ".wmf" file in "Windows Picture and Fax Viewer" or previewing a malicious ".wmf" file in explorer (i.e. opening a folder containing a malicious image file).
Solution
http://hexblog.com/2005/12/wmf_vuln.html
Refferences
http://www.milw0rm.com/id.php?id=1391
http://wvware.sourceforge.net/caolan/ora-wmf.html
http://www.csee.umbc.edu/~squire/download/WinGDI.h
http://windowssdk.msdn.microsoft.com/library/en-us/multimed/htm/_win32_escape.asp
http://msdn.microsoft.com/library/en-us/gdi/prntspol_0883.asp
http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1298.html
http://sunbeltblog.blogspot.com/2005/12/more-than-50-wmf-variants-in-wild.html
http://isc.sans.org/diary.php?storyid=975
http://www.securityfocus.com/archive/1/420288/30/0/threaded
http://www.microsoft.com/technet/security/advisory/912840.mspx
http://www.bleedingsnort.com/forum/viewtopic.php?forum=3&showtopic=1544
http://www.securityfocus.com/bid/16074
http://www.frsirt.com/english/advisories/2005/3086
http://secunia.com/advisories/18255
http://www.kb.cert.org/vuls/id/181038
cve
CVE-2005-4560
Enter your details in the box below to receive an email each time we post a new issue of our newsletter.







Sep 25, 2017