

PSW - WMF Summary
Jun 2, 2005
The discussion kicks off with a deep dive into the WMF vulnerability in older Windows systems, showcasing how easily attackers can exploit it. The hosts critically evaluate application vulnerabilities in browsers and share personal malware experiences, touching on controversial remediation methods. The conversation shifts to the exploitation of GDI DLLs and the inadequacies of current security measures. A fascinating look at discreet botnets reveals their tactics to evade detection. Finally, the Core Force product is introduced, designed to bolster defenses against the WMF exploit.
WMF Enables Direct Remote Code Execution
- The WMF bug is a pure remote code execution vulnerability that lets attackers execute arbitrary code via image rendering.
- Paul Asadoorian warns that it bypasses traditional overflow mitigations and is phenomenally easy to exploit.
Image Rendering Calls Put Many Apps At Risk
- Any app that renders images using the vulnerable GDI call is at risk, including browsers and indexing services.
- Paul Asadoorian names Internet Explorer, Firefox, and Google Desktop as affected examples.
Work Machine Infected With Spyware
- Paul relates an incident in which a workplace machine was compromised through a WMF exploit and subsequently had a large amount of spyware installed.
- He uses the example to show the real-world impact beyond theoretical risk.