WMF 0-day update



Last night while I was in the midst of infecting a virtual machine, Microsoft issued a release that there’s a “possible vulnerability”… fortunately, their technical document is a bit more straightforward… technet advisory here. Spyware Confidential also has a good roundup on the coverage so far. There’s a bit more disturbing stuff coming too…


The Security Fix is reporting that this affects more than just Windows XP and WIndows 2003… in fact it affects every version of Windows back to Windows 98. Additionally, it affects any image that relies on the WMF viewer library, which unfortunately extends BEYOND WMF files. Even specially crafted JPG’s and GIF’s appear to be possible culprits.

The upshot of all of this is the “vectors” to exploit this are many: specially crafted image file in a web page; html email; (even email attachment); embedded image in a document, etc. The first workaround is sounding to be the best (if inelegant), becuase it disables the use of the vulnerable library.

That first workaround was…

Start button on the taskbar.
2. Click on Run…
3. Type “regsvr32 /u shimgvw.dll” to disable.
4. Click ok when the change dialog appears.

iDefense notes that this workaround may interfere with certain thumbnail images loading correctly, though I have used the hack on my machine and haven’t had any problems yet. The company notes that once Microsoft issues a patch, the WMF feature may be enabled again by entering the command “regsvr32 shimgvw.dll” in step three above.

Related Posts

Blog Traffic Exchange Related Posts
  • Microsoft Security advisory on WMF exploit I've read the security advisory and unfortunately Microsoft doesn't give any real workarounds. (There have been several announced from other sources.) Unfortunately, Microsoft: 1)urges caution in opening email and links from untrusted sources, and 2) wants you to call them if you've been affected by this. (1-866-PCSAFETY) and 3) make......
  • Another workaround for WMF exploit There are at least two other workarounds for the Windows Meta File (WMF) exploit that I've been looking into this afternoon. These from sunbelt blog. First up... 2. Change file associations for WMF files. An equally ugly fix (but perhaps preferable) is to do the following: 1. Go to My......
  • Zotob worm bites big media outlets According to several reports there are several big media outlets seeing what is reported as the zotob worm which exploits a Microsoft Windows vulnerability (MS05-039) disclosed last week. There seems to be no better way for something to make the news than for it to affect the companies that bring......
Blog Traffic Exchange Related Websites
  • Dress Up Google With Your Favorite Images Lately, Google seems to be trying hard to be on par with its competitors. Firstly, it acquired Orkut as a first step in social media world to compete with Facebook. Some time later, it created Chrome browser to grab browser market. At the start of this year, it came out......
  • Stained Glass Windows Antiques -> Architectural and Garden -> Stained Glass Windows-> Pre-1900 Stained glass windows are more than just functional windows, they are works of art that can express exalted meanings or simply beautify a room. When you are shopping for antique stained glass, it’s important to understand the amount of time......
  • Wordpress Backup Wordpress Backup is an essential plugin for all Wordpress blog administrators by the Blog Traffic Exchange. It performs regular backups of your upload (images) current theme, and plugin directories. Backup files are available for download and optionally emailed to a specified email. Don't get caught without a recent backup of......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site