[41851] in bugtraq
RE: Is this a new exploit?
daemon@ATHENA.MIT.EDU (Portz, Jon)
Wed Dec 28 15:07:42 2005
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Wed, 28 Dec 2005 08:47:42 -0500
Content-Type: multipart/signed;
boundary="----=_NextPart_000_002D_01C60B8B.2AFD7090";
protocol="application/x-pkcs7-signature";
micalg=SHA1
Message-ID: <8514767C16D263419C519FE32894B5A4148C51@sta0ex09.kforce.com>
From: "Portz, Jon" <jportz@kforce.com>
To: <noemailpls@noemail.ziper>, <bugtraq@securityfocus.com>
This is a multi-part message in MIME format.
------=_NextPart_000_002D_01C60B8B.2AFD7090
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Windows .wmf vulnerability, look here:
http://secunia.com/advisories/18255/
JTP
-----Original Message-----
From: noemailpls@noemail.ziper [mailto:noemailpls@noemail.ziper]
Sent: Tuesday, December 27, 2005 3:20 PM
To: bugtraq@securityfocus.com
Subject: Is this a new exploit?
Warning the following URL successfully exploited a fully patched windows xp
system with a freshly updated norton anti virus.
unionseek.com/d/t1/wmf_exp.htm
The url runs a .wmf and executes the virus, f-secure will pick up the virus
norton will not.
------=_NextPart_000_002D_01C60B8B.2AFD7090
Content-Type: application/x-pkcs7-signature;
name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="smime.p7s"
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIIwzCCAksw
ggG0oAMCAQICAw/3bjANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh
d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVt
YWlsIElzc3VpbmcgQ0EwHhcNMDUxMjAxMjE1MTUwWhcNMDYxMjAxMjE1MTUwWjBDMR8wHQYDVQQD
ExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMSAwHgYJKoZIhvcNAQkBFhFqcG9ydHpAa2ZvcmNlLmNv
bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzDowpduEMhXDay75CBzON7E+4f5q3xSFXban
mzxAFcd9nWy0DSJYBRsQpu6BmCTW+W2mKmEkec6nGXbyLbAV4DXN02ySlqm2JGsc7qvhOqcvy+Le
QVvL5F0c1E9DfzkvHa+0jkmORIJfo5fOQCtuA3No4Ed0HSiBEV/jKee/Ud0CAwEAAaMuMCwwHAYD
VR0RBBUwE4ERanBvcnR6QGtmb3JjZS5jb20wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOB
gQB0ahvE5RQXQow8dJ/ff5OFzZoMqw1pWVclg6sGrfWAhrC10I86K7kA9iXiHc1ochJDq5PauBqx
lvtl+0kta1TbAaNp5vKu1dtfgqYCvxX2q1H1tXKf8groNNjzBO/Hpsc49l5z7DvwQECygv+BOdqI
V3ECv2dAqUAr7fN2WeKx8TCCAy0wggKWoAMCAQICAQAwDQYJKoZIhvcNAQEEBQAwgdExCzAJBgNV
BAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UE
ChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2
aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJ
ARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw05NjAxMDEwMDAwMDBaFw0yMDEyMzEy
MzU5NTlaMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlD
YXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0
aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwg
Q0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wgZ8wDQYJKoZI
hvcNAQEBBQADgY0AMIGJAoGBANRp19SwlGRbcelH2AxRtupykbCEXn0tDY97Et+FJXUodDpCLGMn
n5V7S+9+GYcdhuqj3bnOlmQawhRuRKx85o/oTQ9xH0A4pgCjh3j2+ZSGXq3qwF5269kUo11uenwM
pUtVfwYZKX+emibVars4JAhqmMex2qOYkf152+VaxBy5AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMB
Af8wDQYJKoZIhvcNAQEEBQADgYEAx+ySfk749ZalZ2IqpPBNEWDQb41gWGGsJrtSNVwIzzD7qEqW
ih9iQiOMFw/0umScF6xHKd+dmF7SbGBxXKKs3Hnj524ARx+1DSjoAp3kmv0T9KbZfLH43F8jJgmR
gHPQFBveQ6mDJfLmnC8Vyv6mq4oHdYsM3VGEa+T40c53ooEwggM/MIICqKADAgECAgENMA0GCSqG
SIb3DQEBBQUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQH
EwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZp
Y2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1h
aWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wHhcNMDMw
NzE3MDAwMDAwWhcNMTMwNzE2MjM1OTU5WjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3Rl
IENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWls
IElzc3VpbmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMSmPFVzVftOucqZWh5owHUE
cJ3f6f+jHuy9zfVb8hp2vX8MOmHyv1HOAdTlUAow1wJjWiyJFXCO3cnwK4Vaqj9xVsuvPAsH5/Ef
kTYkKhPPK9Xzgnc9A74r/rsYPge/QIACZNenprufZdHFKlSFD0gEf6e20TxhBEAeZBlyYLf7AgMB
AAGjgZQwgZEwEgYDVR0TAQH/BAgwBgEB/wIBADBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3Js
LnRoYXd0ZS5jb20vVGhhd3RlUGVyc29uYWxGcmVlbWFpbENBLmNybDALBgNVHQ8EBAMCAQYwKQYD
VR0RBCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDItMTM4MA0GCSqGSIb3DQEBBQUAA4GB
AEiM0VCD6gsuzA2jZqxnD3+vrL7CF6FDlpSdf0whuPg2H6otnzYvwPQcUCCTcDz9reFhYsPZOhl+
hLGZGwDFGguCdJ4lUJRix9sncVcljd2pnDmOjCBPZV+V2vf3h9bGCE6u9uo05RAaWzVNd+NWIXiC
3CEZNd4ksdMdRv9dX2VPMYICzzCCAssCAQEwaTBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh
d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVt
YWlsIElzc3VpbmcgQ0ECAw/3bjAJBgUrDgMCGgUAoIIBvDAYBgkqhkiG9w0BCQMxCwYJKoZIhvcN
AQcBMBwGCSqGSIb3DQEJBTEPFw0wNTEyMjgxMzQ2MTdaMCMGCSqGSIb3DQEJBDEWBBTlifT58PwF
CuLfUov/LoMO1ZbuxjBnBgkqhkiG9w0BCQ8xWjBYMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIA
gDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDAHBgUrDgMCGjAKBggqhkiG
9w0CBTB4BgkrBgEEAYI3EAQxazBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29u
c3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNz
dWluZyBDQQIDD/duMHoGCyqGSIb3DQEJEAILMWugaTBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMc
VGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZy
ZWVtYWlsIElzc3VpbmcgQ0ECAw/3bjANBgkqhkiG9w0BAQEFAASBgKxeIAiUtNgzZODxIpkPSOYt
zU+zSDJQT+XQ2ISlHIyHhS1JEs39XEhaOUIKgGHPCIJmMM7pNWp/Tv8ar9RsUKKbi30L+3ADscS5
9NLKCQC735BjMzYOUhanaVMXkRcH7ozMTDNYjLZ7obVSI85kmw4SJOJ/FBB8AognvNEXbnVcAAAA
AAAA
------=_NextPart_000_002D_01C60B8B.2AFD7090--
