Let's Be Careful Out There: New WMF Exploit Released
Via The SANS ISC.
On New Year's eve the defenders got a 'nice' present from the full disclosure community.
The source code claims to be made by the folks at metasploit and xfocus, together with a anonymous source.
The exploit generates files:
- with a random size;
- no .wmf extension, (.jpg), but could be any other image extension actually;
- a random piece of junk in front of the bad call; carefully crafted to be larger than the MTU on an ethernet network;
- a number of possible calls to run the exploit are listed in the source;
- a random trailer
From a number of scans we did through virustotal, we can safely conclude there is currently no anti-virus signature working for it. Similarly it is very unlikely any of the current IDS signatures work for it.