November 29, 2005 2:53 PM PST

Code exploits Windows flaw in image file handling

A correction was made to this story. Read below for details.

Computer code posted Tuesday can crash vulnerable Windows machines by exploiting a "critical" Windows flaw disclosed by Microsoft earlier this month.

The exploit code takes advantage of a flaw in the way Windows handles certain graphics files. Microsoft provided a patch in November with security bulletin MS05-053 and warned that the vulnerability could create an opening for spyware and Trojan horse attacks.

"Microsoft is aware that detailed exploit code has been published on the Internet for the vulnerability that is addressed by Microsoft security bulletin MS05-053," a company spokeswoman said Tuesday. Microsoft is not aware of any attacks that use the code, she said. The code was posted on various security Web sites.

"Initial investigation of this exploit code has verified that successful exploitation could lead to a denial-of-service attack...not remote code execution," the Microsoft spokeswoman said. With a denial-of-service attack a computer would crash, while remote code execution would mean the attacker has full control over a PC.

The MS05-053 update fixes bugs in the way Windows renders the Windows Metafile and Enhanced Metafile image formats. Microsoft tagged the patch "critical" for all its current operating system versions. The company said that to exploit the flaws, an attacker could craft an image and trick a Windows user into looking at it on a spoof Web site or in an HTML e-mail, for example.

The public release of the exploit code for the image handling flaw comes just days after computer code that takes advantage of another Windows flaw was posted to the Web. The public posting of exploit code could be a sign that an attack is coming, security experts have said.

Microsoft has urged all customers to apply the most recent security updates to protect their systems.

 

Correction: This story incorrectly stated the month Microsoft provided a patch for the imaging flaw. The patch was released in November.

1 comment

Join the conversation!
Add your comment
CERT disagrees with M$
Check out CERT's Vulnerability Note: VU#300549, where they state an attacker MAY BE ABLE to execute arbitrary code. While the published code they have uncovered may only allow DOS attacks, there is more to the story.
Posted by vreis (1 comment )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.