Computer Security
[EN] securityvulns.ru
Microsoft Windows Explorer DoS
updated since 25.02.2007
Published: 26.02.2007
Source: SehaTo
SecurityVulns ID: 7301
Type: local
Level: 5/10
Description: The application (explorer.exe) crashes when the user browses a folder containing a corrupted WMF file (there is no need to click the file itself).
Affected: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003
CVE: CVE-2007-1090 (Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.)
Original document: 3APA3A, Few unreported vulnerabilities by SehaTo (26.02.2007)
 sehato, Explorer WMF File Denial Of Service (25.02.2007)
Files: Microsoft Windows explorer crash PoC
Discuss: 4 comments

  vnkbabu: this vulnerability is same as one addressed in ms bulletin ms06-001  27.02.2007 12:59:04
 The vulnerability on the malformed WMF file is the same as the one addressed in MS bulletin MS06-001. For details refer to http://www.kb.cert.org/vuls/id/181038
Here he has given some types of malformed WMF headers. I think your WMF file is also one of that type.
   3APA3A: Re: this vulnerability is same as one addressed in ms bulletin ms06-001  27.02.2007 15:55:18
  Probably it's not, because patched Windows is still crashing.
    vnkbabu: Re: this vulnerability is same as one addressed in ms bulletin ms06-001  02.03.2007 6:50:07
   Hi, the WMF files starting with hexadecimal values 0x01, 0x00, 0x09, 0x00
are all vulnerable. I think this is patched in MS06-001. Please cross-check it.
     3APA3A: Re: this vulnerability is same as one addressed in ms bulletin ms06-001  02.03.2007 12:39:30
    I have KB912919 (ms06-001) installed. Explorer is still crashing:

C:\WINDOWS\$NtUninstallKB912919$>dir c:\windows\system32\gdi32.dll ...