Browsers Beware: Windows Metafile is the New ActiveX

1 comment

MicroSoft is investigating a claim that a Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution, and are using the situation to push their anti spyware software.

InformationWeek reports:

Multiple Web sites, said Ken Dunham, the director of Reston, Va.-based iDefense's rapid response team, are using a working exploit to compromise Windows machines. Attackers need only to cajole users into visiting sites planted with malicious WMF files, or get them to open such image files sent as e-mail attachments.

"WMF exploitation has taken off in the past twelve hours," said Dunham. "It's likely that WMF exploitation will be very successful in the near term."




Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.