December 2005
Unpatched vulnerability in Windows XP
ID: 01138
Ref: 1070/05
Date: 28 December 2005:13:03:24
Version: 1
Title: Unpatched vulnerability in Windows XP
Abstract: There are reports of active exploitation of a new vulnerability related to image rendering in Windows XP.
Vendors affected: Microsoft
Operating systems affected: Microsoft
There are reports of active exploitation of a new vulnerability
related to image rendering in Windows XP. The Windows Picture and Fax
Viewer is used to view Windows Meta Files (WMF) and is reported as
being vulnerable. Note that this is the default viewer used by Internet
Explorer and some versions of Firefox for WMF files.
Current reports state that the attack vector being used is embedded
malicious images on web pages hosted at unionseek[DOT]com. This
vulnerability could equally be exploited through the delivery of a malicious
email.
Additional information is available at the following URLs:
http://isc.sans.org/diary.php?storyid=972
http://www.securityfocus.com/bid/16074/info
http://vil.mcafeesecurity.com/vil/content/v_137760.htm
http://www.f-secure.com/weblog/#00000752
There is no patch currently available to repair this vulnerability.
In the interim, consider the following mitigations:
- block access to the unionseek[DOT]com domain
- block WMF files in your HTTP and SMTP content checkers
- ensure anti-virus software is fully updated
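One way a content checker can apply the WMF block by file content rather than by file name or declared MIME type, shown as an added example that is not part of the original advisory. The header constants follow the published WMF file format; the function names and the sample message are constructed for illustration.

```python
import email
import struct
from email.message import EmailMessage

# Key that opens the optional 22-byte "placeable" header (bytes D7 CD C6 9A on disk).
PLACEABLE_KEY = 0x9AC6CDD7

def standard_header(buf):
    """True if buf opens with a standard 18-byte WMF header."""
    if len(buf) < 18:
        return False
    ftype, header_words, version = struct.unpack_from("<HHH", buf, 0)
    # Type 1 = in-memory, 2 = on-disk; header is 9 words; version 0x0100 or 0x0300.
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def looks_like_wmf(data):
    """Classify by content only; file name and Content-Type are ignored."""
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        return True  # fail closed on the placeable key, even if truncated
    return standard_header(data)

def wmf_parts(raw_message):
    """Return the file names of MIME parts whose decoded bytes are WMF."""
    hits = []
    for part in email.message_from_bytes(raw_message).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if looks_like_wmf(payload):
            hits.append(part.get_filename() or "(unnamed)")
    return hits

def sample_message():
    """Constructed test mail: a bare WMF header labelled as JPEG, plus a JPEG stub."""
    wmf = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9, 0, 0, 0)
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment(wmf, maintype="image", subtype="jpeg", filename="holiday.jpg")
    msg.add_attachment(b"\xff\xd8\xff\xe0" + bytes(16), maintype="image",
                       subtype="jpeg", filename="real.jpg")
    return msg.as_bytes()

if __name__ == "__main__":
    print(wmf_parts(sample_message()))
```

The same `looks_like_wmf` check can be applied to HTTP response bodies at a proxy, since it takes only the decoded bytes.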
There have been no reports of activity related to this vulnerability
from the Uniras community.