
[NEWS] Security flaw in the Windows Graphics Rendering Engine!


Mali Misha
Mihajlo Anđelković

[NEWS] Security flaw in the Windows Graphics Rendering Engine! - 03.01.2006 at 18:39
Namely, all Windows versions from 1990 until now are exposed to a new flaw when simply opening an image in a browser.

http://news.ft.com/cms/s/0d644...b3-11da-ab8e-0000779e2340.html

MOD: Title changed because the thread was pinned to the top.

[This post was edited by AleksandarNS on 05.01.2006 at 23:09 GMT+1]
And yet it ++'s.
 

IcyImpact


Re: Has anyone already heard anything about this? - 03.01.2006 at 19:19
This vulnerability in the Windows Graphics Rendering Engine has been talked about for days now. A patch is in the works, so it will probably be available soon. Update your antivirus definitions!
Knowledge is power.
 

IcyImpact


Re: Has anyone already heard anything about this? - 04.01.2006 at 09:01
Microsoft has announced an official patch for 10 January, but a temporary patch has also appeared from Ilfak Guilfanov (known for creating IDA Pro); it first showed up on the Hex blog (http://www.hexblog.com/2005/12/wmf_vuln.html), but that is currently unavailable. Of the many links where it could be downloaded (and which no longer work), try the following one, which currently works:

http://www.savefile.com/files.php?fid=9338108

The patch is intended for Windows 2000, XP (32- and 64-bit) and Server 2003. If you applied the temporary workaround of unregistering the shimgvw.dll file, undo that now, i.e. re-register that DLL so that you have thumbnails again (type the following in Command Prompt: regsvr32 shimgvw.dll).

The patch from the link above comes in a ZIP archive; once you download it, unpack it and run the file wmffix_hexblog14.exe, which will start the installation. The patch installs like an ordinary program and is uninstalled the same way (via Add or Remove Programs in Control Panel).
Knowledge is power.
 

IcyImpact


Re: Has anyone already heard anything about this? - 04.01.2006 at 09:19
New link for the temporary patch:
http://sunbeltblog.blogspot.co...e-download-for-unofficial.html

'Patch for WMF bug slated for next week'
http://www.securityfocus.com/brief/93

'Worries increase over WMF flaw'
http://www.securityfocus.com/brief/92

'Windows WMF flaw: How to protect against attacks'
http://www.computerworld.com/s...s/story/0,10801,107421,00.html

[This post was edited by IcyImpact on 04.01.2006 at 10:22 GMT+1]
Knowledge is power.
 

devlyn


Re: Has anyone already heard anything about this? - 04.01.2006 at 09:48
<Mali Misha> wrote in message news:[email protected]

Quote:
Namely, all Windows versions from 1990 until now are exposed to a new flaw when simply opening an image in a browser.

http://news.ft.com/cms/s/0d644...b3-11da-ab8e-0000779e2340.html

A pretty good FAQ about all of it:

http://handlers.dshield.org/jullrich/wmffaq.html

--
p,
p.


 

IcyImpact


Re: Has anyone already heard anything about this? - 05.01.2006 at 12:20
Hexblog is back up: http://www.hexblog.com/index.html
Knowledge is power.
 

IcyImpact


Re: Has anyone already heard anything about this? - 05.01.2006 at 18:02
The organisation AV-Test tested a range of antivirus tools using 206 malicious files that exploit the unpatched WMF flaw.

Products that detected all 206 malicious files:

BitDefender
Computer Associates eTrust-VET
F-Secure
Kaspersky Lab
McAfee
Eset Nod32
Microsoft OneCare
Sophos
Symantec

...products that failed to detect one malicious file:

Alwil Avast
Clam AntiVirus
Aladdin eSafe

...products that failed to detect many malicious files (the exact number of malicious files missed by each antivirus program is given in parentheses):

Fortinet (18)
AntiVir (24)
eTrust-INO (25)
Panda (25)
Ikarus (26)
Norman (26)
Ewido (47)
AVG (59)
VirusBuster (61)
QuickHeal (63)
Trend Micro (63)
Dr Web (93)
VBA32 (110)
Authentium Command (119)
F-Prot (119)

http://news.com.com/Antivirus+...F+bug/2100-1002_3-6018696.html
Knowledge is power.
 

Bhamby


Re: [NEWS] Security flaw in the Windows Graphics Rendering Engine! - 06.01.2006 at 06:15
Microsoft Security Bulletin MS06-001
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
Published: January 5, 2006

http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx

 

Goran Mijailovic


Re: [NEWS] Security flaw in the Windows Graphics Rendering Engine! - 06.01.2006 at 07:13
And here is the official patch for us.
Quote:
Security Update for Windows XP (KB912919)
Brief Description
A remote code execution security issue has been identified in the Graphics Rendering Engine that could allow an attacker to remotely compromise your Windows-based system and gain control over it.


Quote:
Quick Details
File Name: WindowsXP-KB912919-x86-ENU.exe
Version: 912919
Security Bulletins: MS06-001
Knowledge Base (KB) Articles: KB912919
Date Published: 1/5/2006
Language: English
Download Size: 711 KB
 

AleksandarNS

Re: [NEWS] Security flaw in the Windows Graphics Rendering Engine! - 10.01.2006 at 11:28
Again???

10 January 2006
Two new Windows bugs found

By Robert McMillan, IDG News Service

Two new flaws have been found in Windows, just days after Microsoft rushed out a patch covering the same part of the operating system.

A hacker going by the name "cocoruder" has posted details on the unpatched holes to the Bugtraq mailing list. They affect the same graphics rendering engine as the earlier WMF flaw - a hole so serious that security experts recommended people install a third-party patch rather than wait for Microsoft to produce its own.

However, the vulnerabilities are far less serious than the previous flaw in the Windows Metafile format, say security experts.

While the patched flaw was being exploited by attackers to take control of Windows machines, the latest vulnerabilities appear to pose the risk of simply crashing the WMF-viewing software, typically Internet Explorer. However, users would first need to trick a victim into viewing a specially crafted WMF image in order for this to happen, security experts say.

The vulnerabilities can be found in a number of versions of Windows, including Windows XP, Service Pack 2, Windows Server 2003, Service Pack 1, and Windows 2000, Service Pack 4.

Because of the inherent complexity of image formats, there are plenty of opportunities for attackers to find bugs similar to the two that were revealed Monday, said Russ Cooper, security analyst at Cybertrust.

But the new WMF vulnerabilities are not a major cause of concern, he said. "New malformed images that simply crash things aren't really that important unless they can be shown to cause code to execute," Cooper advised. "This is only getting any attention because its WMF and Microsoft just released a WMF patch."

Microsoft refused to comment on the new flaws.


http://www.techworld.com/security/news/index.cfm?NewsID=5120
It's a big mistake to allow computer to realise that you are in a hurry.
 

IcyImpact


Re: [NEWS] Security flaw in the Windows Graphics Rendering Engine! - 11.01.2006 at 14:11
Microsoft released patches for two critical flaws today. The patches follow the one published last week. They came two days after security researchers discovered two additional vulnerabilities in WMF. The vulnerabilities, which can cause a DoS, arise in the way the WMF Graphics Rendering Engine processes the ExtCreateRegion and ExtEscape functions.

More information:
http://www.securityfocus.com/brief/101
http://www.computerworld.com/s...21,00.html?SKC=security-107621
http://news.zdnet.com/2100-1009_22-6025413.html
Knowledge is power.
 

Goran Mijailovic


Re: [NEWS] Security flaw in the Windows Graphics Rendering Engine! - 31.01.2006 at 16:24
Hm, I came across this comment:
Quote:
The first WMF is easily exploitable and allows remote code execution. I have done it myself and it works both local and remote. The victim simply needs to open a .HTML redirecting to .WMF or directly open the .WMF with MS Picture and Fax Viewer (default Windows picture viewer) which leads to downloading my own executable off the web and running it (it could also easily install a spamhost or bind a shell but downloading a larger program and running it is a lot more fun)... Good luck, MS, you'll need it!

http://www.securityfocus.com/comments/newsbriefs/101/444#444
 