01.11.06
New WMF Vulnerabilities Found
By John Stith
Microsoft continues to have problems with its WMF handling. While the zero-day
problem was corrected, other problems have crept up around the very same program.
Microsoft released the fix last week but it looks like they've got some more work
to do.
The problems involve two different functions being exploited, "ExtCreateRegion"
and "ExtEscape." The function originally exploited was "SetAbortProc." These
are multiple memory corruption vulnerabilities. While the new findings are
problems, they aren't quite as serious as the original one. The problem itself
shows up when users view malicious WMF files with special data.
The effects of this exploit are still somewhat uncertain. It's been established
that these vulnerabilities lead to denial-of-service attacks. There's some debate,
however, as to whether or not arbitrary code execution is possible. Alex Eckelberry
said on his Sunbelt Blog:
Any code execution that occurs will be with the privileges of the user viewing
a malicious image. An attacker may gain SYSTEM privileges if an administrator
views the malicious file.
He went on to say in an update that:
This vulnerability is more related to triggering a denial of service attack on
a vulnerable system. The exploit code we have observed does not prove that code
could be run on a machine (unlike the last WMF exploit), but this type of danger
is always an issue with buffer overflows. We will keep this blog updated with
the latest relevant news.
These vulnerabilities are just the newest in a large number of security problems Microsoft
has had with Windows in recent years. These were more prominent in XP although
they stretched across the Windows product line. The problems continue to occur
and they've not even fixed all the problems in this one application. Who knows
what else is in there?
As Microsoft gears up for the release of Windows Vista this year, one can only
hope these issues will be overcome. Windows isn't cheap software and users have
a reasonable expectation that their computers should be safe from harm. Microsoft
must be more aggressive in tracking down these issues not only in existing versions
of Windows but in the upcoming Vista as well. Otherwise, loyal customers will
continue to suffer for Microsoft's lack of diligence.
About the Author:
John is a staff writer for SecurityProNews covering cyber security.