Browsers Beware: Windows Metafile is the New ActiveX

1 comment

MicroSoft is investigating a claim that a Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution, and are using the situation to push their anti spyware software.

InformationWeek reports:

Multiple Web sites, said Ken Dunham, the director of Reston, Va.-based iDefense's rapid response team, are using a working exploit to compromise Windows machines. Attackers need only to cajole users into visiting sites planted with malicious WMF files, or get them to open such image files sent as e-mail attachments.

"WMF exploitation has taken off in the past twelve hours," said Dunham. "It's likely that WMF exploitation will be very successful in the near term."

Comments

Yawn

.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.