RE: Re[2]: [Full-disclosure] test this

2005-12-29 Thread Todd Towles
Yet in my defense, CERT calls it a "buffer overflow" ;) > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Peter Ferrie > Sent: Thursday, December 29, 2005 11:51 AM > To: full-disclosure@lists.grok.org.uk > Subje

RE: Re[2]: [Full-disclosure] test this

2005-12-29 Thread Todd Towles
Peter wrote: > Perhaps you should read about it on Microsoft's site. > It's not a buffer overflow. WMF files since at least Windows > 3.0 days have been allowed to carry executable code in the > form of their own SetAbortProc handler. This is perfectly > legitimate, though the design is a po

RE: Re[2]: [Full-disclosure] test this

2005-12-29 Thread Benjamin Franz
On Thu, 29 Dec 2005, Peter Ferrie wrote: Perhaps you should read about it on Microsoft's site. It's not a buffer overflow. WMF files since at least Windows 3.0 days have been allowed to carry executable code in the form of their own SetAbortProc handler. This is perfectly legitimate, though t

RE: Re[2]: [Full-disclosure] test this

2005-12-29 Thread Peter Ferrie
>TrendMicro has released pattern file = 3.135.00 >It appears to pick up all the trojans using the WMF exploit as of right >now. Variants could affect this however. If they're blindly detecting anything that contains the SetAbortProc, then they're detecting the legitimate use of a documented func
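The SetAbortProc record that Peter describes, and the detection question in the message above, as an added example that is not code from the thread, from Microsoft or from any antivirus vendor: a short Python walker over WMF records that reports META_ESCAPE records whose escape number is SETABORTPROC (9). The record layout, the META_ESCAPE function number 0x0626 and the escape number come from the public WMF format documentation; the two sample files below are constructed here (the four data bytes inside the escape record are a placeholder, not a payload of any kind). The scanner only reports where such records sit, which is the substance of the objection above: a signature that treats every such record as malicious also flags a documented, legitimate use of the format.

```python
"""Walk Windows Metafile records and report SETABORTPROC escapes.

Added example, not from the mailing-list thread. Layout used here:
an optional 22-byte placeable header (magic 0x9AC6CDD7), the 18-byte
standard header (mtType, mtHeaderSize=9 words, mtVersion, mtSize,
mtNoObjects, mtMaxRecord, mtNoParameters), then records made of
rdSize (DWORD, counted in 16-bit words), rdFunction (WORD) and
parameters. A META_ESCAPE record's parameters start with the escape
function number (WORD) and a byte count (WORD), followed by the data.
"""
import struct

PLACEABLE_MAGIC = 0x9AC6CDD7
META_EOF = 0x0000
META_SETMAPMODE = 0x0103
META_ESCAPE = 0x0626
SETABORTPROC = 9  # escape function number, as in wingdi.h


def parse_records(data):
    """Yield (offset, function, parameter_bytes) for each record in a WMF."""
    pos = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC:
        pos = 22  # skip the placeable header
    if len(data) < pos + 18:
        raise ValueError("truncated WMF header")
    mt_type, header_words = struct.unpack_from("<HH", data, pos)
    if mt_type not in (1, 2) or header_words != 9:
        raise ValueError("not a WMF header")
    pos += header_words * 2
    while pos + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, pos)
        size = size_words * 2
        if size < 6 or pos + size > len(data):
            # malformed size field: stop instead of looping or reading past the end
            break
        yield pos, func, data[pos + 6:pos + size]
        pos += size
        if func == META_EOF:
            break


def find_setabortproc(data):
    """Return [(record_offset, declared_data_bytes)] for SETABORTPROC escapes."""
    hits = []
    for off, func, params in parse_records(data):
        if func == META_ESCAPE and len(params) >= 4:
            escape, count = struct.unpack_from("<HH", params, 0)
            if escape == SETABORTPROC:
                hits.append((off, count))
    return hits


# --- constructed sample files (not real-world captures) ---

def _record(func, params=b""):
    """Encode one record; records are padded to an even byte length."""
    body = struct.pack("<H", func) + params
    if len(body) % 2:
        body += b"\0"
    return struct.pack("<I", (4 + len(body)) // 2) + body


def build_wmf(records):
    """Standard (non-placeable) header followed by the records and META_EOF."""
    all_records = list(records) + [_record(META_EOF)]
    body = b"".join(all_records)
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, (18 + len(body)) // 2,
                         0, max(len(r) for r in all_records) // 2, 0)
    return header + body


BENIGN_WMF = build_wmf([_record(META_SETMAPMODE, struct.pack("<H", 8))])
ABORTPROC_WMF = build_wmf([
    _record(META_SETMAPMODE, struct.pack("<H", 8)),
    # escape number 9 with four placeholder data bytes
    _record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 4) + b"\xcc" * 4),
])
PLACEABLE_WMF = struct.pack("<I", PLACEABLE_MAGIC) + b"\0" * 18 + ABORTPROC_WMF

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_WMF), ("abortproc", ABORTPROC_WMF),
                       ("placeable", PLACEABLE_WMF)):
        print(name, find_setabortproc(blob))
```

Run find_setabortproc() over a file's bytes to get the offsets of every SETABORTPROC escape; parse_records() stops at META_EOF or at the first record whose size field is shorter than a record header or runs past the end of the buffer, so a damaged or truncated file cannot make it loop or read out of bounds. Whether a hit is benign is a separate decision that the byte scan alone does not settle.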

RE: Re[2]: [Full-disclosure] test this

2005-12-29 Thread Todd Towles
Valdis wrote: > Anti-virus researcher Andreas Marx of Av-Test.org has > concluded an annual round of testing to see how well the > various anti-virus programs responded to recent outbreaks of > viruses and worms. > The results appear to show that while the major anti-virus > products are still

Re: Re[2]: [Full-disclosure] test this

2005-12-29 Thread Valdis Shkesters
Between 16 and 18 hours ---> [none] Between 18 and 20 hours ---> eTrust-VET More than 20 hours ---> [none] http://blogs.washingtonpost.com/securityfix/2005/12/antivirus_resea.html - Original Message - From: "Todd Towles" <[EMAIL PROTECTED]> To: "

RE: Re[2]: [Full-disclosure] test this

2005-12-29 Thread Todd Towles
Has anyone tested the well-known Irfanview product? By default it takes over WMF files from the Microsoft product. -Todd ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia -

RE: Re[2]: [Full-disclosure] test this

2005-12-29 Thread Todd Towles
Got a new test of it this morning? I am surprised Norton doesn't have it yet. TrendMicro has released pattern file = 3.135.00 It appears to pick up all the trojans using the WMF exploit as of right now. Variants could affect this however. Is this buffer overflow pretty specific like the older G