More Unpatched Bugs Loose In Microsoft WMF

Filed under: — By Aviran Mordo @ 6:58 pm

Just days after Microsoft rushed out a patch for a bug in Windows Metafile (WMF) image processing, a security company has warned customers that multiple memory corruption vulnerabilities in the same rendering engine could leave users open to attack.

“An attacker may leverage these issues to carry out a denial-of-service attack or execute arbitrary code,” Symantec said in a vulnerability alert issued through its DeepSight Management System.

The bugs may be associated with the one patched Thursday by Microsoft, but they involve different functions of the Windows WMF rendering engine, added Symantec, which highlighted the various values and structures within the engine which could be exploited.

“Reports indicate that these issues lead to a denial-of-service condition, however, it is conjectured that arbitrary code execution is possible as well,” the Symantec alert went on.

If true, the dangers of these new vulnerabilities are identical to the flaw that Microsoft fixed last week. Like that bug, these newly-discovered vulnerabilities can be exploited with a maliciously-crafted WMF file that’s posted on a Web site, opened from an e-mail attachment, or launched with Microsoft or third-party image applications

Source: informationweek


Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress