Author Topic: WMF Vulnerability Avast! Official Confirmation  (Read 20167 times)

0 Members and 1 Guest are viewing this topic.

Offline curious!

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 531
WMF Vulnerability Avast! Official Confirmation
« on: December 30, 2005, 01:18:08 PM »
Does Avast include signature for this exploit?

I thing Avast is taking a very low profile in this matter.

I know there is a thread in Virus-forum with different suggestions, but I think Avast should give an official confirmation that Avast users are safe! or not?

Regards
Hannibal Lecter
« Last Edit: December 30, 2005, 01:41:35 PM by hlecter »

Offline TAP

  • Sr. Member
  • ****
  • Posts: 201
  • I'm a llama!
Re: WMF Vulnerability
« Reply #1 on: December 30, 2005, 01:30:32 PM »
As far as I know avast! is one of the first AVs that release a signature of this exploit.

http://forum.avast.com/index.php?topic=18295.0

Offline curious!

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 531
Re: WMF Vulnerability
« Reply #2 on: December 30, 2005, 01:35:08 PM »
TAP:

Could you please quote the official answer to my question in that Thread?

Regards
Hannibal L

Offline curious!

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 531
Re: WMF Vulnerability Avast! Official Confirmation
« Reply #3 on: December 30, 2005, 01:47:48 PM »
TAP:

Your suggestion to include *.wmf in the URL block list is good but according to MS Security Advisory 912840 it is possible for the files to disguise as eg gif or another picture format.

Hannibal L

Offline TAP

  • Sr. Member
  • ****
  • Posts: 201
  • I'm a llama!
Re: WMF Vulnerability Avast! Official Confirmation
« Reply #4 on: December 30, 2005, 01:55:27 PM »
TAP:

Your suggestion to include *.wmf in the URL block list is good but according to MS Security Advisory 912840 it is possible for the files to disguise as eg gif or another picture format.

Hannibal L

See my post here (but I can't confirm if it's safe or not)
http://forum.avast.com/index.php?topic=18295.msg155892#msg155892

I can answer your question (first question) about the signature of this exploit, But I can't give an official confirmation that avast users are safe. vlk or other Alwil staff are the right person to do so.


Offline curious!

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 531
Re: WMF Vulnerability Avast! Official Confirmation
« Reply #5 on: December 30, 2005, 02:08:42 PM »
Vlk said in the thread I mentioned that Avast were working on it but that it would take some time to produce the signature.

What is the name Avast uses, then I can check in viruslist on Avast site.
The last defs you can read there are from 28.12.

The defs from 29.12 are not specified.

We really need some official clarification.

Hannibal Lecter

« Last Edit: December 30, 2005, 02:10:44 PM by hlecter »

Offline Sgt.Schumann

  • Jr. Member
  • **
  • Posts: 72
  • Men of the '303'
Re: WMF Vulnerability Avast! Official Confirmation
« Reply #6 on: December 30, 2005, 02:11:28 PM »
AFAIK, Avast! uses "Win32:Exdown [Trj]" for the exploit.
It has been added 28.12.

Offline TAP

  • Sr. Member
  • ****
  • Posts: 201
  • I'm a llama!
Re: WMF Vulnerability Avast! Official Confirmation
« Reply #7 on: December 30, 2005, 02:13:29 PM »
Vlk said in the thread I mentioned that Avast were working on it but that it would take some time to produce the signature.

What is the name Avast uses, then I can check in viruslist on Avast site.
The last defs you can read there are from 28.12.

The defs from 29.12 are not specified.

We really need some official clarification.

Hannibal Lecter



As Sgt.Schumann said and I have the sample of this exploit.

Offline curious!

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 531
Re: WMF Vulnerability Avast! Official Confirmation
« Reply #8 on: December 30, 2005, 02:22:33 PM »
Thank you all for convincing me!  :)

Hannibal Lecter
"Looking forward to my new year meal"
« Last Edit: December 30, 2005, 02:41:03 PM by hlecter »

Offline Sgt.Schumann

  • Jr. Member
  • **
  • Posts: 72
  • Men of the '303'
Re: WMF Vulnerability Avast! Official Confirmation
« Reply #9 on: December 30, 2005, 02:28:55 PM »
The quote from Vlk was *before* the update containing the signature for the exploit was deployed.

Offline Zagor

  • Sr. Member
  • ****
  • Posts: 300
  • Well, this should be good!
    • Maybe ? Design
Re: WMF Vulnerability Avast! Official Confirmation
« Reply #10 on: December 30, 2005, 02:57:47 PM »
Hi Hlecter  :D,

If I remember corectly, You and I recently had a nice chat at the aSquared Support Forum. You offered help about signature backup and while waiting for moderators to return we talked about casual stuff, remember? ;D

I'm so glad that you're a happy avast user! Well, if you need a chat again, please don't hesitate to return to one of the best forums on this matter  ;)

I'll say once more: "Have a pleasant meal"  8)
Zone Alarm Free         Bit Defender Free      Ad Aware Se Personal
avast!Professional      Ewido S Suite Plus      Microsoft AntiSpyware
Sys Safety Monitor       aSquared Free         Spybot Search&Destroy
Rootkit Revealer                                       Spyware Blaster

Tbird+Firefox2.0 (NoScript+AdBlockPlus+Dr.WebPreLinkScan)+ Win

Offline TAP

  • Sr. Member
  • ****
  • Posts: 201
  • I'm a llama!
Re: WMF Vulnerability Avast! Official Confirmation
« Reply #11 on: December 30, 2005, 03:02:16 PM »
I just go to some website that contains this exploit but avast! Web Shield protects me very well.

Offline curious!

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 531
Re: WMF Vulnerability Avast! Official Confirmation
« Reply #12 on: December 30, 2005, 03:48:38 PM »
Hi Zagor  :)

Yes, we meet again. The world isn`t that big, is it.

I have been a happy Avast user for a very long time, but not very active on this forum as you can see from my number of counts. Never needed help, I guess   ;).

But one thing I will say for sure: we will meet again.  ;)

Have a nice day (and a happy new year) if we don`t meet again THIS YEAR!

TAP:
Could you please PM me the address of said website? Thank you!  ;D

Edit: I suppose you have removed *.wmf from URL blocking now, should not be necessary?
« Last Edit: December 30, 2005, 03:54:02 PM by hlecter »

Offline Zagor

  • Sr. Member
  • ****
  • Posts: 300
  • Well, this should be good!
    • Maybe ? Design
Re: WMF Vulnerability Avast! Official Confirmation
« Reply #13 on: December 30, 2005, 04:17:32 PM »
Quote
Have a nice day (and a happy new year)

You too!  ;)
Zone Alarm Free         Bit Defender Free      Ad Aware Se Personal
avast!Professional      Ewido S Suite Plus      Microsoft AntiSpyware
Sys Safety Monitor       aSquared Free         Spybot Search&Destroy
Rootkit Revealer                                       Spyware Blaster

Tbird+Firefox2.0 (NoScript+AdBlockPlus+Dr.WebPreLinkScan)+ Win

Offline Chuck58

  • Jr. Member
  • **
  • Posts: 62
Re: WMF Vulnerability Avast! Official Confirmation
« Reply #14 on: December 30, 2005, 05:42:28 PM »
Is AVAST's signature for the current version of WMF that was found a couple of days ago as reported here? Apparently this is the second incarnation of WMF and is pretty bad.

http://sunbeltblog.blogspot.com/2005/12/new-exploit-blows-by-fully-patched.html
Home, vehicle, and person protected by Smith and Wesson.