WMF 0-day update



Last night while I was in the midst of infecting a virtual machine, Microsoft issued a release that there’s a “possible vulnerability”… fortunately, their technical document is a bit more straightforward… technet advisory here. Spyware Confidential also has a good roundup on the coverage so far. There’s a bit more disturbing stuff coming too…


The Security Fix is reporting that this affects more than just Windows XP and WIndows 2003… in fact it affects every version of Windows back to Windows 98. Additionally, it affects any image that relies on the WMF viewer library, which unfortunately extends BEYOND WMF files. Even specially crafted JPG’s and GIF’s appear to be possible culprits.

The upshot of all of this is the “vectors” to exploit this are many: specially crafted image file in a web page; html email; (even email attachment); embedded image in a document, etc. The first workaround is sounding to be the best (if inelegant), becuase it disables the use of the vulnerable library.

That first workaround was…

Start button on the taskbar.
2. Click on Run…
3. Type “regsvr32 /u shimgvw.dll” to disable.
4. Click ok when the change dialog appears.

iDefense notes that this workaround may interfere with certain thumbnail images loading correctly, though I have used the hack on my machine and haven’t had any problems yet. The company notes that once Microsoft issues a patch, the WMF feature may be enabled again by entering the command “regsvr32 shimgvw.dll” in step three above.

Related Posts

Blog Traffic Exchange Related Posts
  • WMF exploit situation summary... Since there's been quite a bit of flux the last couple of days I thought I'd try to "reset" the situation and give a general overview of where we stand now with regards to the recent WMF zero-day exploit. 1st there is a vulnerability in the way Windows renders WMF......
  • More WMF exploit testing on Windows 98 I've spent some more effort on trying to infect Windows 98 SE in a virtual machine with some of the exploit samples I can find. The first attempt was at a website with the .wmf download. No luck infecting the system there. Then, I've loaded up the image and visited......
  • Microsoft Security advisory on WMF exploit I've read the security advisory and unfortunately Microsoft doesn't give any real workarounds. (There have been several announced from other sources.) Unfortunately, Microsoft: 1)urges caution in opening email and links from untrusted sources, and 2) wants you to call them if you've been affected by this. (1-866-PCSAFETY) and 3) make......
Blog Traffic Exchange Related Websites
  • What is Frozen Shoulder? The term “frozen shoulder” conjures up all sorts of mental images, but this term refers to an injury that is quite common. A frozen shoulder is a painful problem that results in a lack of mobility of the afflicted shoulder and it can be quite troublesome for many people. It......
  • Houston computers affected by virus A virus is playing havoc with the municipal court operations in Houston. The court system had to close down Friday afternoon after a computer virus affected access to data on court cases. Courtroom operations aren't expected to be back in business before Thursday morning. People can pay fines and conduct......
  • n00b guide to Facebook Privacy Want to protect your Facebook account's privacy? Here's a post to guide you to safeguard your privacy to the maximum. Note: This is a long post. Please wait while all the images load. It may take some time, depending on your net connection. Click on the thumbnails for a larger......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site