Re: WMF Exploit

To: grasshopa@xxxxxxxxx
Subject: Re: WMF Exploit
From: Joshua <joshua.broussard@xxxxxxxxx>
Date: Tue, 03 Jan 2006 14:31:51 -0500
Cc: bugtraq@xxxxxxxxxxxxxxxxx
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:user-agent:x-accept-language:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding:from; b=uOn7pjkD6KxwcPMbn7hmGEoZc6Fir428dPCR15ktV1gq9WAGDqY1+tm2RXgLU5QphfOr2IWVjjQuDG4UNEBwNF+qlE6xbWqkmIP51v1r4I+V5JvjVJIXxh4foI0hqwGU3SQ0SBSohInP8SvsbOE+89hIa3BFF7eTPTLEXUY3Cno=
In-reply-to: <20060101232913.27119.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20060101232913.27119.qmail@xxxxxxxxxxxxxxxxx>
User-agent: Mozilla Thunderbird 1.0.7 (X11/20050923)

This is probably due to M$ thumbnail generation. You can disable thatand see if it fixes the problem...


grasshopa@xxxxxxxxxxxxxxxxx wrote:

I've tested the exploit on XP home and I've found that it does not even need a 
single click on my machine. Once the folder containing the file is open (this 
was in list view) the exploit will run.

Scary sh*t!

References:
- Re: RE: WMF Exploit
  - From: grasshopa

Prev by Date: Re: WMF browser-ish exploit vectors
Next by Date: iDefense Security Advisory 01.05.06: Blue Coat WinProxy Remote DoS Vulnerability
Previous by thread: Re: RE: WMF Exploit
Next by thread: WMF exploit
Index(es):
- Date
- Thread