Computer Crime Research Center


Windows needs more patching

Date: January 11, 2006

Numerous additional problems with Windows' handling of .wmf format files have been identified, according to reports.

Submissions to the bugtraq mailing list recently highlighted flaws in the handling of such files by Windows' Graphics Rendering Engine that could result in the application being used to view the files crashing. This would usually be Internet Explorer.

Such risks certainly put the new discoveries way down the list compared to the .wmf flaw for which Microsoft rushed out a patch, as it could be exploited to run code remotely.

Microsoft recently patched a critical flaw in the way Windows renders certain types of graphic files. To no avail, as just days later a hacker has published two new WMF bugs that exploit the same part of the Windows OS.

However, the new exploitations are far less dangerous than last week's incident, according to computer security analysts. The new bugs could cause the WMF-viewing software to crash, rather than taking control of the PC.

One security analyst said: "New malformed images that simply crash things aren't really that important unless they can be shown to cause code to execute. This is only getting any attention because its WMF and Microsoft just released a WMF patch."
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo