wmf never worked on my default winxp ever (DEP)

[devin.ertel at gmail.com (Devin Ertel)]

May be off subject a bit since you are on 64, but I would recieve the same
message while trying to open with paint.
The only way I could get the exploits to work is if it was opened in XP's
"Windows Picture and Fax Viewer"

I also had some Nero Image veiwer on my box, exploits never worked with this
either.

Also was wondering if anyone else had this issue. When I try the exploit
through IE and lastest virus defs. from symantec , symantec realtime picks
it up as Bloodhound.Exploit.56

If I just hit the image with firefox and download it locally and open it.
symantec doesnt say anything. I even manually scanned the file and symantec
still said nothing.


On 1/4/06, sandalwood <sandalwood at inmail24.com> wrote:
> First off, my problem was DEP. I run on AMD 64bit processor and
> apparently I am automatically protected (against my will:-)
>
> > https://metasploit.com/calc .bmp (remove the space between calc and
> .bmp).
>
> When I access this url it does:
>
> 1. security alert dialog
> (this is because of https - which btw you are very clever for doing
> that to remove/lessen the possibility of intermediary proxies or ids
> ips being a factor)
> [OK]
> 2. paint dialog
> says "paint cannot read this file" this is not a valid bitmap file,
> or its format is not currently supported"
> [OK]
> 3. file download dialog
> says "do you want to save this file?"  name calc.bmp, SAVE/CANCEL
> [SAVE]
> 4. save as dialog..
> i pick a new folder and put it in there
> [SAVE]
> 5. download complete
> now it gives the options open/openfolder/close
> [OPEN]
>
> this launches the picture and fax viewer, which then throws the
> following dialog:
>
> DIALOG="Data Execution Prevention - Microsoft Windows"
> To help protect your computer, Windows has closed this program.
> name: Run a DLL as an App
> Publisher: Microsoft Corporation
> [CLOSE MESSAGE]
>
> DIALOG="Run a DLL as an App"
> Run a DLL as an App has encountered a problem and needs to close...
> [CLOSE]
>
> pfv dies.
>
> thats a lot of clicking and steps to get to failure ;)
>
> If i now open the test folder i made, in thumbnails view, I again get
>
> DIALOG=Data Execution Prevention
> To help protect your computer, Windows has closed this program.
> Name: Windows Explorer
> Publisher: Microsoft Explorer
> [CLOSE MESSAGE]
>
> DIALOG=Windows Explorer
> Windows Explorer has encountered a problem and needs to close. We are
> sorry for the inconvenience.
> [CLOSE]
>
> explorer dies. (and autorespawn)
>
> incidentally, there is a telefrag on respawn, since (my) explorer
> restores previous open windows.. and so it shows the window again, and
> dies again.  but fortunately it doesn't keep opening the window it
> stays closed the second time.
>
> "bummer" about dep. but strange it wasn't mentioned more prominently
> as this is major brownie points for whoever implemented that (amd?)
>
> i'll send some screencaps asap to the addr you listed.
>
> hope this helps, thank you hd!
>
> --
> Best regards,
> sandalwood                            mailto:sandalwood at inMail24.com
>
>
>
> ----------
> * Zoner PhotoStudio 8 - Your Photos perfect, shared, organised!
> www.zoner.com/zps


--
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDRSbM89sZcveB9ZcRAqPtAJwNucIAppp55yzvmHAI+YAazttWmgCdHET7
vTWi5ssDn09YyXlhSeofJ3g=
=bf1/
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20060104/e5420698/attachment.htm>