Saturday, February 11, 2006

Two New Windows Wmf Flaws Found

Microsoft announced on TechNet last night two new flaws in Windows, one in viewing WMF files with older versions (pre 6.0) of Internet Explorer, and a second related to priviledge escalation in Windows XP and 2003 systems without the latest service packs.

The first flaw, which is vulnerable only to Internet Explorer 5.5 and 5.01, uses the now-familiar terminology that it "could allow an attacker to execute arbitrary code on the user's system" when they view a specially-crafted web page or email attachment. On the surface the flaw appears similar to the very critical WMF flaw discovered in late December, but is a different issue.

The second flaw affects only Windows XP SP1 and prior, along with Windows Server 2003 without SP1. Systems with the latest service packs are not vulnerabile. The vulnerability permits priviledge escalation in default Windows services as well as third party applications set with overly permissive access controls.

Patches for these two vulnerabilities are not widely expected until Microsoft's next patching cycle on February 14th.

Source :

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.