Round two begins for Microsoft, as they are faced with yet another WMF vulnerability. A hacker who goes by the name "concoruder" posted his two newly discovered WMF vulnerabilities on Monday, on the popular security mailing list Bugtrap.
These two new WMF vulnerabilities are not as serious as the one patched last week, which allowed an attacker to take control of a Windows machine. At worst these new WMF exploits would crash any WMF-viewing software, such as Microsoft's Internet Explorer. According to the Bugtrap posting these vulnerabilities can be found in:
- Windows XP SP2
- Windows XP SP1
- Windows Server 2003 SP1
- Windows Server 2003
- Windows ME
- Windows 98se
- Windows 98
- Windows 2000 SP4
Due to the rather low security risk of these two vulnerabilities, Microsoft will most likely release a patch during its regular scheduled patch cycle.
View: Bugtrap Security Mailing List
View: More Information