When is M$ meta file fix(just issued) not a fix?
- From: Jim Polaski <jpolaski@xxxxxxxxxxxx>
- Date: Tue, 10 Jan 2006 10:21:59 -0600
With the recent "fix" of course it appears.
http://www.techweb.com/article/showArticle.jhtml?articleId=175802806&pgno
=1
ust days after Microsoft rushed out a patch for a bug in Windows
Metafile (WMF) image processing, a security company has warned customers
that multiple memory corruption vulnerabilities in the same rendering
engine could leave users open to attack.
"An attacker may leverage these issues to carry out a denial-of-service
attack or execute arbitrary code," Symantec said in a vulnerability
alert issued through its DeepSight Management System.
The bugs may be associated with the one patched Thursday by Microsoft,
but they involve different functions of the Windows WMF rendering
engine, added Symantec, which highlighted the various values and
structures within the engine which could be exploited.
"Reports indicate that these issues lead to a denial-of-service
condition, however, it is conjectured that arbitrary code execution is
possible as well," the Symantec alert went on.
There's more in the article, and before you winnuts get all sweaty and
worked up, I'm the messenger, and it's also not as simple as not opening
an attachment in an email.
--
Regards,
JP
"The measure of a man is what he will do while
expecting that he will get nothing in return!"
.
- Prev by Date: Live (text) Keynote Links
- Next by Date: Re: Dell 30" LCD Monitor wins Best LCD!
- Previous by thread: Live (text) Keynote Links
- Next by thread: Funny Keynote Kartoon
- Index(es):
Relevant Pages
|
Loading
