WMF 0-day update



Last night while I was in the midst of infecting a virtual machine, Microsoft issued a release that there’s a “possible vulnerability”… fortunately, their technical document is a bit more straightforward… technet advisory here. Spyware Confidential also has a good roundup on the coverage so far. There’s a bit more disturbing stuff coming too…


The Security Fix is reporting that this affects more than just Windows XP and WIndows 2003… in fact it affects every version of Windows back to Windows 98. Additionally, it affects any image that relies on the WMF viewer library, which unfortunately extends BEYOND WMF files. Even specially crafted JPG’s and GIF’s appear to be possible culprits.

The upshot of all of this is the “vectors” to exploit this are many: specially crafted image file in a web page; html email; (even email attachment); embedded image in a document, etc. The first workaround is sounding to be the best (if inelegant), becuase it disables the use of the vulnerable library.

That first workaround was…

Start button on the taskbar.
2. Click on Run…
3. Type “regsvr32 /u shimgvw.dll” to disable.
4. Click ok when the change dialog appears.

iDefense notes that this workaround may interfere with certain thumbnail images loading correctly, though I have used the hack on my machine and haven’t had any problems yet. The company notes that once Microsoft issues a patch, the WMF feature may be enabled again by entering the command “regsvr32 shimgvw.dll” in step three above.

Related Posts

Blog Traffic Exchange Related Posts
  • WMF exploit situation summary... Since there's been quite a bit of flux the last couple of days I thought I'd try to "reset" the situation and give a general overview of where we stand now with regards to the recent WMF zero-day exploit. 1st there is a vulnerability in the way Windows renders WMF......
  • Serious Symantec Antivirus Vulnerability A few things to catch up on this afternoon, but first up is a Serious vulnerability in Symantec Antivirus. (It's always serious when security software has a vulnerability.) The securityfix is reporting that a vulnerability has been discovered in the way Symantec deals with rar archived files. A specially made......
  • More WMF exploit testing on Windows 98 I've spent some more effort on trying to infect Windows 98 SE in a virtual machine with some of the exploit samples I can find. The first attempt was at a website with the .wmf download. No luck infecting the system there. Then, I've loaded up the image and visited......
Blog Traffic Exchange Related Websites
  • Houston computers affected by virus A virus is playing havoc with the municipal court operations in Houston. The court system had to close down Friday afternoon after a computer virus affected access to data on court cases. Courtroom operations aren't expected to be back in business before Thursday morning. People can pay fines and conduct......
  • Dress Up Google With Your Favorite Images Lately, Google seems to be trying hard to be on par with its competitors. Firstly, it acquired Orkut as a first step in social media world to compete with Facebook. Some time later, it created Chrome browser to grab browser market. At the start of this year, it came out......
  • Stained Glass Windows Antiques -> Architectural and Garden -> Stained Glass Windows-> Pre-1900 Stained glass windows are more than just functional windows, they are works of art that can express exalted meanings or simply beautify a room. When you are shopping for antique stained glass, it’s important to understand the amount of time......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site