«
»

Update on the WMF exploit – more sites to block



I haven’t checked to see if these are already on other block lists for the WMF exploit, but the following addresses are advised to be blocked (from f-secure)….

toolbarbiz[dot]biz
toolbarsite[dot]biz
toolbartraff[dot]biz
toolbarurl[dot]biz
buytoolbar[dot]biz
buytraff[dot]biz
iframebiz[dot]biz
iframecash[dot]biz
iframesite[dot]biz
iframetraff[dot]biz
iframeurl[dot]biz


The “unregister workaround” is the best at this point because it will prevent ANY file extension image being used to trigger the exploit. It is possible for other image types to be used.

1. Click Start, click Run, type “regsvr32 -u %windir%system32shimgvw.dll”
(without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the un-registration process has succeeded.
Click OK to close the dialog box.
Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started
when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.

From… f-secure reporting on MS security advisory.

Popularity: 1% [?]

Free PDF    Send article as PDF   
Blog Traffic Exchange Related Posts
  • Epson Perfection 1650 scanner and Windows XP Limited User account "We tried scanning and all that happened was the lamp moved back and forth.... Nothing else happened." That was the description I had and the request to see why the scanner was broken. It hadn't been long since the Epson scanner had been hooked up to a new XP Pro......
  • WMF exploit and Windows 98 Most of the talk on the WMF zero-day has centered on Windows XP, 2000 and 2003. The unofficial patch is available for those three platforms. Microsoft's (eventual) patch will likely be for those as well. Incidents.org had a comment in one of their posts that this would be a "watershed......
  • Workaround for the critical WMF zero-day exploit The Windows Meta File (WMF) zero-day (0-day) exploit is apparently, VERY nasty, no user intervention required (unless running firefox or opera). Just VISITING a malicous site (viewing a malicious email with image...) would be enough to get the system owned. It sounds as though a FULL reinstall is the best......
Blog Traffic Exchange Related Websites
  • 7 Tips for Printing Web Pages Printing web pages is very useful for many people. Business owners might need to print web orders or invoices. Online shoppers may print the confirmation page for a recent order. Also, people who pay bills online may print pages for their records. Whatever the reason, printing web pages can be......
  • WordPress Plugins These Wordpress plugins are offered by the Blog Traffic Exchange. Enjoy Related Websites / Related Posts Cloud based multi-site related posts plugin. Traffic balancing algorithm to ensure equality based on traffic. Randomization to spread the effect. New traffic opportunities every 24 hours. Increase your traffic today, join the Blog Traffic......
  • 5 Free Security Softwares - Must Use Here are 5 Free Security Softwares that you can use to combat your fear against Adwares, Viruses, Trojans, etc. 1.Avast Home Edition: Best Free Antivirus Avast is one of the best antiviruses I recommend to my friends. It is free and has many features which many of the Antiviruses lack.......

Similar Posts


This entry was posted on Thursday, December 29th, 2005 at 12:01 pm and is filed under Computers, Security, Spyware, Tech Support, Viruses, Windows. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.

See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.

Switch to our mobile site