Windows WMF vulnerability + (update link)

  • BMW
  • Respected citizen
  • Joined: 25 Mar 2005
  • Posts: 314

Isn't it needed for KAV 6 beta?


  • Joined: 11 Sep 2005
  • Posts: 1282
  • Location: Same place as before

@SSpin you have 5.375, ok, but you say there is no link to 5.0.388 Personal; if you need it for Personal, here, I'll give it to you: [Link visible only to logged-in users]

Addendum: 30 Dec 2005 22:39

@BMW not needed for 6.xxx



  • SSpin
  • Forum associate
  • Joined: 09 Dec 2004
  • Posts: 6488
  • Location: Nis -> ***Durlan City***

Ok, this works, thanks ;)

  • SINGI
  • Joined: 22 Aug 2003
  • Posts: 787
  • Location: Belgrade

Here are more details on this from KL, this time from the youngest (by date of arrival at KL) member of the research team, Roel Schouwenberg
(Senior Research Engineer, Kaspersky Lab Benelux):

As I'm sure you've heard by now, attackers are taking advantage of an unpatched vulnerability which gets exploited by .wmf files.

Dozens of sites are already hosting malicious .wmf files. In addition to this, the sites are distributing so called 'anti-spyware applications' (which require the infected user to pay) and other malware, such as Trojan-Spy.Win32.Small.ee, which isn't directly related to these applications.

Naturally we've been doing some research on this vulnerability and we've come up with some interesting findings.

At first glance it seems that hardware-based Data Execution Protection, which is available only with XP/SP2 on NX-bit (AMD) and XD-bit (Intel) enabled CPUs, prevents successful exploitation of the vulnerability.

We've tested on AMD and Intel platforms and HW DEP seemed initially to prevent successful exploitation in Internet Explorer and Windows Explorer. However, when testing the latest builds of third party image viewers like Irfanview and XnView HW DEP didn't prevent exploitation, even with HW DEP enabled for all programs. This is because both Irfanview and XnView are packed with ASPack and Windows disables HW DEP for ASPack packed files.

This shows that although HW DEP can help, it's by no means a solution.

Perhaps the most worrying thing about this whole issue is that NTFS rights have no effect on whether or not the vulnerability will be exploited.

Some people run under a limited user account (which among other things restricts NTFS rights). This may make people feel that they are protected from malware. In this case, nothing could be much further from the truth.

The attackers seem very well aware of this fact and have already released malware which will be downloaded and executed in a directory where a limited user has execution rights.

Our testing has also revealed that although Windows 2000 is not vulnerable by default, it is potentially vulnerable. If the Windows 2000 system has an image viewer which supports .wmf files installed, there's a high chance that the system will be vulnerable.

Image viewers like Irfanview and XnView rely on the vulnerable file to show .wmf files. Exploitation also successfully occurs on Windows 2000, with testing carried out on 2000/SP4 with all the latest patches.

The good thing however is that Internet Explorer will ask you (at least once) if you want to open or save the .wmf file instead of opening it by default.

WinXP Pro 64-bit edition is also vulnerable. However, as all shellcode is written for IA32 processors the exploits won't work. Specific x64 shellcode needs to be written for the exploit to work. The chances of this happening (on a large scale) are slim as only a small number of users run WinXP Pro 64-bit edition.

We've released heuristic detection for malicious .wmf files which exploit the new vulnerability. Suspicious files will be detected as Exploit.Win32.IMG-WMF.
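As an added example, not part of SINGI's post and not Kaspersky Lab's own detection code: the post above says malicious .wmf files are being caught heuristically, and a small record parser shows what a structural heuristic for this format looks like. It walks the records of a Windows Metafile and flags any META_ESCAPE record (0x0626) whose escape function is SETABORTPROC (9); those constants come from the public WMF format, and the point that the GDI handler for that escape is where the flaw sat comes from Microsoft's later advisory, not from this thread. The sample files are constructed inline and carry no payload, and the parser rejects truncated input rather than guessing.

```python
import struct

# Windows Metafile constants (from the public WMF format, not from the forum thread)
PLACEABLE_MAGIC = 0x9AC6CDD7   # key of the optional 22-byte placeable header
META_EOF = 0x0000
META_ESCAPE = 0x0626
META_SAVEDC = 0x001E
ESC_MFCOMMENT = 15             # harmless escape used in the clean sample
ESC_SETABORTPROC = 9           # escape whose GDI handler was the patched flaw


def iter_wmf_records(data):
    """Yield (offset, size_in_words, function) for every record in a WMF blob.

    Skips a placeable header if present and stops at META_EOF. Raises
    ValueError on truncated or malformed input instead of guessing.
    """
    pos = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC:
        pos = 22
    if len(data) < pos + 18:
        raise ValueError("truncated WMF header")
    _mt_type, header_words = struct.unpack_from("<HH", data, pos)
    if header_words != 9:
        raise ValueError("unexpected header size %d words" % header_words)
    pos += header_words * 2
    while pos < len(data):
        if pos + 6 > len(data):
            raise ValueError("truncated record at offset %d" % pos)
        size_words, func = struct.unpack_from("<IH", data, pos)   # rdSize, rdFunction
        if size_words < 3 or pos + size_words * 2 > len(data):
            raise ValueError("bad record size at offset %d" % pos)
        yield pos, size_words, func
        if func == META_EOF:
            return
        pos += size_words * 2


def suspicious_escape_records(data):
    """Return offsets of META_ESCAPE records carrying the SETABORTPROC escape.

    A benign image has no reason to carry this escape, so its presence is a
    structural indicator that does not depend on any byte signature.
    """
    hits = []
    for off, size_words, func in iter_wmf_records(data):
        if func == META_ESCAPE and size_words >= 4:
            escape_code = struct.unpack_from("<H", data, off + 6)[0]  # rdParm[0]
            if escape_code == ESC_SETABORTPROC:
                hits.append(off)
    return hits


def escape_params(escape_code, payload):
    """Build the parameter bytes of a META_ESCAPE record: escape code, byte count, data."""
    return struct.pack("<HH", escape_code, len(payload)) + payload


def build_wmf(records, placeable=False):
    """Construct a minimal WMF from (function, parameter_bytes) pairs (test data only)."""
    body = b""
    max_words = 3
    for func, parm in records:
        assert len(parm) % 2 == 0, "WMF parameters are word-aligned"
        size_words = 3 + len(parm) // 2
        body += struct.pack("<IH", size_words, func) + parm
        max_words = max(max_words, size_words)
    body += struct.pack("<IH", 3, META_EOF)
    # mtType, mtHeaderSize, mtVersion, mtSize (words), mtNoObjects, mtMaxRecord, mtNoParameters
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9 + len(body) // 2, 0, max_words, 0)
    if placeable:
        header = struct.pack("<IHhhhhHIH", PLACEABLE_MAGIC, 0, 0, 0, 0, 0, 96, 0, 0) + header
    return header + body


# Constructed samples: a clean file and one carrying the abused escape (placeholder data, no payload)
CLEAN_SAMPLE = build_wmf([
    (META_SAVEDC, b""),
    (META_ESCAPE, escape_params(ESC_MFCOMMENT, b"test")),
])
SUSPICIOUS_SAMPLE = build_wmf([
    (META_SAVEDC, b""),
    (META_ESCAPE, escape_params(ESC_MFCOMMENT, b"test")),
    (META_ESCAPE, escape_params(ESC_SETABORTPROC, b"XXXX")),
])

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_SAMPLE), ("suspicious", SUSPICIOUS_SAMPLE)):
        print(name, suspicious_escape_records(blob))
```

Because the check keys on record structure rather than on a byte pattern, it is not defeated by changing the data that follows the escape, which is the property a heuristic needs when new variants appear daily, as the post describes. It is still only one indicator: a scanner would combine it with the other checks it already does.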

  • SSpin
  • Forum associate
  • Joined: 09 Dec 2004
  • Posts: 6488
  • Location: Nis -> ***Durlan City***

Quote: We've released heuristic detection for malicious .wmf files which exploit the new vulnerability. Suspicious files will be detected as Exploit.Win32.IMG-WMF.

So will it be possible to delete the virus once it is found? I mean, has a cure come out, with the latest update and that patch?

  • SINGI
  • Joined: 22 Aug 2003
  • Posts: 787
  • Location: Belgrade

SSpin wrote: Quote: We've released heuristic detection for malicious .wmf files which exploit the new vulnerability. Suspicious files will be detected as Exploit.Win32.IMG-WMF.

So will it be possible to delete the virus once it is found? I mean, has a cure come out, with the latest update and that patch?


When it is intercepted in "real-time" by the database or by heuristics, no cure is needed, because it won't even get through :)

As for deleting it from a machine it has already reached in some way, it's best that BANE12 answers, since he detected it on his own computer yesterday... it hasn't reached us yet, so I don't want to talk off the top of my head.
Still, even if it doesn't delete it right away, I know from experience that it will soon, because KL's policy is to "push out" the definition as soon as possible to stop the intrusion, and then somewhat later to release disinfection (where possible) in one of the following updates... until that happens, the detected infected file is safely locked in quarantine, so there is no need to worry...

  • Puky (male)
  • Scottish rebel
  • Joined: 18 Apr 2003
  • Posts: 5815
  • Location: in the Dragon's nest

The patch works with 5.0.237 as well :D

  • Joined: 11 Sep 2005
  • Posts: 1282
  • Location: Same place as before

@KAV Distributer
You know the folk saying: whoever's first.
Well, I'm that one; anyway, KAV peeled it off instantly with this patch.

Addendum to "Puky":
I tried it on 5.0.237 too and it works, guaranteed; I also installed and tried it on 5.0.375, and the important thing is that it detected it and accepted the patch.

@SSpin I don't know how it didn't work for you?????

[Puky - please use a bit of punctuation and arrange the post so it's clear who you are writing to.]

  • Joined: 20 Feb 2005
  • Posts: 1715
  • Location: Belgrade

a-squared has also added detection for these trojans:
update: added detection for WMF exploit

  • Joined: 11 Sep 2005
  • Posts: 1282
  • Location: Same place as before

The definition has already come out together with the patch, so guys, no worries, because Kaspersky has already added the part that was missing; so, guys and girls, enjoy, there are no problems, just install that patch, and HAPPY NEW 2006. If anyone needs any patch, write here and you'll get it right away, all of you, at
[Link visible only to logged-in users]; still, let's preserve this wonderful forum of ours, which has earned it.
