This module exploits a vulnerability in the way WMF metafile images are handled by Microsoft Windows Graphics Rendering Engine. In this new version, the generated metafile is much more random and fully compliant with the file format. Additionally, the payload tries to escape to another process, then returns from the callback transferring the execution flow back to the host application, hiding exploitation from the user's perception. Note that the exploit will be moved to the Exploits/Client Side category after applying this update.
Sunday, February 26, 2006 - 18:00