Posted January 4, 200619 yr http://www.microsoft.com/technet/security/advisory/912840.mspx Pretty crazy... wish I knew how to do this :/. Microsoft is releasing the patch to fix it on the 10th ;0
January 4, 200619 yr http://www.microsoft.com/technet/security/advisory/912840.mspx Pretty crazy... wish I knew how to do this :/. Microsoft is releasing the patch to fix it on the 10th ;0 Sum it up for those of us who don't feel like reading it all, let alone clicking the link.
January 4, 200619 yr I read it but all it really said was that they are making a patch for the exploit, whatever it is.
January 4, 200619 yr Basically an exploit was found in the way windows handles WMF files, if exploited the computer can pretty much be controlled by the hacker. An update is scheduled for Jan 10th to fix it. http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1155574,00.html
January 4, 200619 yr old, dumb, only coons that use internet explorer need to worry about it. now stop spam. oh by the way, just one more example of how incredibly inept microsoft is. they even have a working official patch made, but they refuse to release it till their monthly "omg lets update our security holes again" day
January 4, 200619 yr heklim']old, dumb, only coons that use internet explorer need to worry about it. now stop spam. oh by the way, just one more example of how incredibly inept microsoft is. they even have a working official patch made, but they refuse to release it till their monthly "omg lets update our security holes again" day not true, In firefox it'll load up asking if you want to open it in windows picture and fax viewer, and hey it's a picture right, not an exe. *click* oops you got exploited.
January 4, 200619 yr OverlordQ']not true' date=' In firefox it'll load up asking if you want to open it in windows picture and fax viewer, and hey it's a picture right, not an exe. *click* oops you got exploited.[/quote'] http://www.securityfocus.com/archive/1/420556 http://www.frsirt.com/exploits/20051228.ie_xp_pfv_metafile.pm.php
January 4, 200619 yr OverlordQ']not true' date=' In firefox it'll load up asking if you want to open it in windows picture and fax viewer, and hey it's a picture right, not an exe. *click* oops you got exploited.[/quote'] i suppose dumb coons that use firefox could get owned as well, but they would have to far surpass the stupidity of normal coons. oh, dumb white kids with no hearing left could fall for it i guess. didnt really think of that before.
January 4, 200619 yr OLD! The first exploit was first in December '05. It's very easy to make an exploit. And easy to fix it too. I have it fixed ^^
January 4, 200619 yr http://www.hexblog.com/2005/12/wmf_vuln.html Ilfak's hotfix for this, till Microsoft patches it. This has been throughly tested and is safe. Feel free to read more about it here: http://www.dslreports.com/forum/remark,15152503 Also includes instructions for removing the hotfix if needed or once the Microsoft patch comes out next week.
January 4, 200619 yr this is old, it was out since December 28th. Its an exploit, targeting Windows Metafiles, using a simple method that has been around for a very long time, but only discovered recently. The exploit, takes advantage of a simple routine in the handling of a .WMF file. When a WMF file is read by the operating system, the windows internals draws the image according to the instructions in the script. But if the script is to fail, a procedure is supposed to be ran as a backup. In this exploit, the script is purposfully failed and the backup procedure is ran, this procedure is what does the damage. The procedure can do anything, which malicious hackers are taking advantage of. Mostly installing tojans, IRCBots, Spyware, and compromising many systems to assimilate them into a bot-net. \ It remains unpatched and only a few small fixes stop this from happening temporarily until Microsoft comes up with a patch/.
January 4, 200619 yr this is old, it was out since December 28th. Its an exploit, targeting Windows Metafiles, using a simple method that has been around for a very long time, but only discovered recently. The exploit, takes advantage of a simple routine in the handling of a .WMF file. When a WMF file is read by the operating system, the windows internals draws the image according to the instructions in the script. But if the script is to fail, a procedure is supposed to be ran as a backup. In this exploit, the script is purposfully failed and the backup procedure is ran, this procedure is what does the damage. The procedure can do anything, which malicious hackers are taking advantage of. Mostly installing tojans, IRCBots, Spyware, and compromising many systems to assimilate them into a bot-net. \ It remains unpatched and only a few small fixes stop this from happening temporarily until Microsoft comes up with a patch/. lol nerd
January 4, 200619 yr lol nerd t3rm1ght owns you, just because you know jack shit doesn't mean he is a nerd.
January 4, 200619 yr i think i got this shit, i had to reformat my whole computer... fucking pissed me off if not i got something very serious lately
January 4, 200619 yr heklim']i suppose dumb coons that use firefox could get owned as well, but they would have to far surpass the stupidity of normal coons. oh, dumb white kids with no hearing left could fall for it i guess. didnt really think of that before. Wrong, heklim...ANY browser is susceptible, since what is it is an exploit of the fax and image viewer. What it works out as, is by posting a WMF on a stie that has particular modifications done to it, when it's downloaded as a file "cookie" into the temporary internet folder, and changed to a bmp instead of a WMF (something ALL browsers typically do), it's capable of causing a buffer overflow in the F&IV built into NT2K, NT2K3, ME, and XP which is still automatically associated with such files, even if they haven't actively been clicked by the user (at least according to industry releases regarding the exploit) Personally, though, I haven't managed to get it to RUN any code for me unless the person has accepted the WMF, and actually double-clicked it (LOOKED at in in F&IV), but then again, maybe I haven't been doing it completely correctly (taking full advantage of the exploitable situation)
January 5, 200619 yr PsychoBud']Wrong, heklim...ANY browser is susceptible, since what is it is an exploit of the fax and image viewer. What it works out as, is by posting a WMF on a stie that has particular modifications done to it, when it's downloaded as a file "cookie" into the temporary internet folder, and changed to a bmp instead of a WMF (something ALL browsers typically do), it's capable of causing a buffer overflow in the F&IV built into NT2K, NT2K3, ME, and XP which is still automatically associated with such files, even if they haven't actively been clicked by the user (at least according to industry releases regarding the exploit) Personally, though, I haven't managed to get it to RUN any code for me unless the person has accepted the WMF, and actually double-clicked it (LOOKED at in in F&IV), but then again, maybe I haven't been doing it completely correctly (taking full advantage of the exploitable situation) yep, like i said, dumber than average coons, or deaf white kids living in australia are the only ones at risk. or if you use ie for normal browseing, it will fuck you over automatically then, but that would qualify you as a dumbshit anyway. oh, and so you know, you dont even need a browser for this to own you. and it is old, whoever said it came out on the 28th.
January 5, 200619 yr http://www.microsoft.com/technet/security/advisory/912840.mspx Pretty crazy... wish I knew how to do this :/. Microsoft is releasing the patch to fix it on the 10th ;0 This guy created a fix for it. Been all over techsites today. http://www.hexblog.com/ Ilfak Guilfanov is far from a household name. But that may soon change as the Russian software developer's unauthorized Microsoft security patch is increasingly installed onto computers worldwide. In a rare move, security experts at the SANS Institute's Internet Storm Center and at F-Secure are advising people to download Guilfanov's patch, which aims to fix a flaw in the Windows Meta File. This vulnerability has spawned a torrent of exploits that seek to take advantage of the wait while Microsoft works on its own patch. The software company has said it will release a WMF patch on Jan. 10, as part of its monthly security update cycle. That would come 14 days after the flaw was first publicly disclosed. People eager to download the unofficial patch inundated Guilfanov's personal Web site, which had to be temporarily shut down as a result. He has since reduced his home page to its bare minimum. In this case, Guilfanov, a senior developer at DataRescue in Liege, Belgium, has gained the trust of security companies, which usually are reluctant to suggest that customers use a patch from someone other than the original maker of the software. On Tuesday, Guilfanov, who lives in Belgium, explained to CNET News.com in an e-mail interview why he came up with his own answer to the Windows problem. from news.com
January 5, 200619 yr I googled "Windows Exploit" and got almost 12 million hits. We are all doomed. not all of us, only those dumb enough to still be on Windows.
January 5, 200619 yr not all of us, only those dumb enough to still be on Windows. or those dumb enough to actually download...or be unable to recognize..a virus or exploit or something of that sort.
