Windows Extended File Attributes Buffer Overflow Study II

Key Information about the Vulnerability:
  Vulnerability Type: Buffer overflow in Windows Extended File Attributes (EFA)
  Affected Systems: Microsoft Windows GDI and Ole32 subsystems
  Impact: Local buffer overflow vulnerabilities leading to potential crashes and exploitation in various file types (e.g., .jpg, .doc, .gif, .wmf)

Testing with Filemon and EFA:
  Tools Used: Filemon and EFA (extended file attributes viewer)
  Actions Performed: Various tests with crafted files (WMF, JPG, GIF, DOC) to identify overflow conditions.
  Results: All PoC and exploits exhibit similar behavior; crashes occur when extending file attributes of specific files.

Exploit Samples:
  WMF Exploit: Download BID 16167 exploits and test with Filemon for overflow in function.
  JPG Exploit: BID 25207; similar crash behavior with WMF.
  GIF Exploit: Denial of service utilizing GIF generation cycles.
  DOC Exploit: Similar overflow testing via Windows Script Host.

Author and Credits:
  Found and documented by DeltaHackingTeam members including Reza Yavari.
  Acknowledgments to various contributors like Freaky, Lostmon, Estrella, FalconDeOro, Secunia researchers, and others.