WindowsのWMF脆弱性 パッチが出た

Graphics Rendering Engine の脆弱性によりコードが実行される可能性がある
(912919) (MS06-001)
公開日: 2006年1月6日 | 最終更新日: 2006年1月6日


When curious readers follow the link to a web server under, they are hit with a WMF file that immediatly downloads a botnet client via tftp and runs it. In case the WMF exploit wouldn't work, the front page of the site also contains an exploit against older versions of Firefox, using the "InstallVersion.compareTo()" flaw. The downloaded client will connect to a botnet hosted via several IRC servers.

F-Secure Anti-Virus detects the WMF exploit in question as Exploit.Win32.IMG-WMF and the downloaded trojan as Breplibot.Q. Abuse reports have been sent about the sites abused in this scam.

Administrators: you might want to block these at your gateways:
http access to playtimepiano[dot]home[dot]comcast[dot]net (do not visit this site)
tftp (ie. UDP) access to
IRC access to
IRC access to
IRC access to
IRC access to
IRC access to



by SIGNAL-9 | 2006-01-06 09:53 | 情報保護・セキュリティ
<< 「ニセ科学」とどう向き合ってい... WindowsのWMF脆弱性 >>