In association with heise online

08 August 2006, 11:32

Denial of Service through new WMF hole

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A proof of concept exploit that creates a manipulated WMF image has been published on the security mail list Full Disclosure. It causes Explorer to crash when the program processes the image.

The error occurs in the CreateBrushIndirect() function in the GDI32 API. The error was analysed by its discoverer in another posting: it can cause a crash because of a random memory access. The hole does not appear to be capable of allowing malicious code to be planted.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit