Just When You Thought It Was Safe to Open WMF Files — New Flaw Emerges

Just days after Microsoft released a patch for the WMF security vulnerability, reports of a pair of new WMF flaws have emerged.

The new vulnerabilities were posted to the Bugtraq security mailing list today by a hacker going by the name of “cocoruder.”

All three flaws concern the way Windows renders images in the Windows Metafile (WMF) format used by some computer-aided design applications, but the latest flaws are far less serious than the one Microsoft patched last week, according to security experts.

While the patched flaw was being exploited by attackers to take control of Windows machines, the latest vulnerabilities appear to pose the risk of simply crashing the WMF-viewing software, typically Internet Explorer. However, users would first need to trick a victim into viewing a specially crafted WMF image in order for this to happen, security experts say.

Johannes Ullrich, chief research officer at the SANS Institute, agreed that such image problems are fairly common, but he said that the fact that so many WMF vulnerabilities have popped up of late — Microsoft fixed three other WMF bugs in November — indicates that the software vendor could be doing a better job of predicting where its security problems might lie. Source: ComputerWorld

We Say: Better that they crash my system than turn it into a zombie. However, I seem to remember that Microsoft really downplayed the other WMF flaw at first as well. And Ullrich says in the SANS’ Handler’s Diary, “Infosec history teaches us that where there is DoS(PoC), there very likely is remote code execution. I myself will wait for smarter folks than myself to prove the statement.”

I agree; if anything’s going to be found, it won’t be by me. But keep an eye on RTN’s pages for any further developments.