Linked by Thom Holwerda on Sat 31st Dec 2005 16:55 UTC
Windows Microsoft acknowledged late Wednesday the existence of a zero-day exploit for Windows Metafile images, and said it was looking into ways to better protect its customers. Even worse, by the end of the day nearly 50 variants of the exploit had already appeared. One security company said the possibilities were endless on how the flaw could be exploited. 'This vulnerability can be used to install any type of malicious code, not just Trojans and spyware, but also worms, bots or viruses that can cause irreparable damage to computers,' said Luis Corrons of Panda Software.
Thread beginning with comment 80446
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Yesh it is...
by ZaNkY on Sat 31st Dec 2005 20:29 UTC in reply to "RE: Yesh it is..."
Member since:

Sorry to go off topic again ;)

I totally agree, there are many safeguards against it, but again, someone who knew how to get around them *could* get it done if it were his goal. Even if it required a rebott, chances are the user would never see it comming anyways. I was merely bringing out the possibility. Remember, Hardware is controlled with software.

And as far as I know, it's not that hard to get a program to run in Ring0, if it is done through Assembly. I have the link somewhere.... I'll look it up ;)

But hey, I'm not here to argue. Again, I doubt that such harmful code would find its way into a wmf exploit. More like some dumb skidy "format c:" or some other dumb trivial thing.

good points sappyvcv.


Reply Parent Score: 1

RE[3]: Yesh it is...
by sappyvcv on Sat 31st Dec 2005 20:50 in reply to "RE[2]: Yesh it is..."
sappyvcv Member since:

No, someone who knows what they are doing doesn't have anything to do with it. You simply can't do that much to hardware through code, even if it's ring0 and assembly (it doesn't matter if it's assembly, you can do inline asm in various high level languages).

You can only run in ring0 if you're running as a device driver, the end.

Reply Parent Score: 1

RE[4]: Yesh it is...
by ma_d on Sat 31st Dec 2005 21:50 in reply to "RE[3]: Yesh it is..."
ma_d Member since:

Yea. So you run as a device driver.

There's no reason to damage hardware in a virus/worm. Your code won't get very far if it destroys all of its hosts!

You can do nasty things to some disks by playing with their settings wrong. But you'd have to know how to do it on each disk. It would just be too hard to make a virus which does real damage by destroying hardware! Maybe a Mac virus could get the job done? There's much less hardware to attack there.

Reply Parent Score: 1