Three More WMF Vulnerabilities Discovered

On the heals of Microsoft's recent patch for the much-ballyhooed WMF vulnerability, still more WMF vulnerabilities were made known. The newly disclosed vulnerabilities aren't nearly as severe as their predecessor.

Unlike the previous metafile problem, no one has reported a way to use the new flaws to execute code. However, soon after two new metafile vulnerabilities were published two proof-of-concept files were made available on the Internet that demonstrate an ability to crash applications. Shortly thereafter another researcher pointed out a third metafile vulnerability which can also cause an application to crash.

Lennart Winstrand at Microsoft Security Response Center said that the company, "

had previously identified these issues as part of our ongoing code maintenance and \[we\] are evaluating them for inclusion in the next service pack for the affected products." 

Meanwhile independent researchers are undoubtedly looking more closely at the vulnerabilities to see if they can somehow be used to execute code.

TAGS: Windows 8
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.