On the heals of Microsoft's recent patch for the much-ballyhooed WMF vulnerability, still more WMF vulnerabilities were made known. The newly disclosed vulnerabilities aren't nearly as severe as their predecessor. had previously identified these issues as part of our ongoing code maintenance and \[we\] are evaluating them for inclusion in the next service pack for the affected products."
Unlike the previous metafile problem, no one has reported a way to use the new flaws to execute code. However, soon after two new metafile vulnerabilities were published two proof-of-concept files were made available on the Internet that demonstrate an ability to crash applications. Shortly thereafter another researcher pointed out a third metafile vulnerability which can also cause an application to crash.
Lennart Winstrand at Microsoft Security Response Center said that the company, "
Meanwhile independent researchers are undoubtedly looking more closely at the vulnerabilities to see if they can somehow be used to execute code.
Three More WMF Vulnerabilities Discovered
1 comment
Hide comments