<< 29 December 2005 | Home | 31 December 2005 >>

Windows image-file 0-day exploit

A new 0-day Windows exploit is out. The exploit takes advantage of a built-in feature of the Windows Metafile image format that allows code to be executed if the Windows Metafile fails to load. Since this is a core Windows issue you will not be safe just resorting to Firefox. Actually just surfing to a website embedding a crafted image could infect your computer.

The workaround for now is to unregister the offending DLL on your Windows system. For more information refer to the show notes for the Sucurity Now! podcast episode 20.

Supplemental Resources and Links for Episode #20