SecurityFocus has published an advisory on yet another WMF vulnerability.
We have seen no exploits in the wild on this one. We hope not to before Microsoft patches it.
Microsoft Windows WMF graphics rendering engine is affected by multiple memory corruption vulnerabilities. These issues affect the ‘ExtCreateRegion’ and ‘ExtEscape’ functions.
These problems present themselves when a user views a malicious WMF formatted file containing specially crafted data.
Reports indicate that these issues lead to a denial of service condition, however, it is conjectured that arbitrary code execution is possible as well. Any code execution that occurs will be with the privileges of the user viewing a malicious image. An attacker may gain SYSTEM privileges if an administrator views the malicious file.
Link here.
Update: This vulnerability is more related to triggering a denial of service attack on a vulnerable system. The exploit code we have observed does not prove that code could be run on a machine (unlike the last WMF exploit), but this type of danger is always an issue with buffer overflows. We will keep this blog updated with the latest relevant news.
Alex Eckelberry
(Thanks Adam)