WMF 0-day update



Last night while I was in the midst of infecting a virtual machine, Microsoft issued a release that there’s a “possible vulnerability”… fortunately, their technical document is a bit more straightforward… technet advisory here. Spyware Confidential also has a good roundup on the coverage so far. There’s a bit more disturbing stuff coming too…


The Security Fix is reporting that this affects more than just Windows XP and WIndows 2003… in fact it affects every version of Windows back to Windows 98. Additionally, it affects any image that relies on the WMF viewer library, which unfortunately extends BEYOND WMF files. Even specially crafted JPG’s and GIF’s appear to be possible culprits.

The upshot of all of this is the “vectors” to exploit this are many: specially crafted image file in a web page; html email; (even email attachment); embedded image in a document, etc. The first workaround is sounding to be the best (if inelegant), becuase it disables the use of the vulnerable library.

That first workaround was…

Start button on the taskbar.
2. Click on Run…
3. Type “regsvr32 /u shimgvw.dll” to disable.
4. Click ok when the change dialog appears.

iDefense notes that this workaround may interfere with certain thumbnail images loading correctly, though I have used the hack on my machine and haven’t had any problems yet. The company notes that once Microsoft issues a patch, the WMF feature may be enabled again by entering the command “regsvr32 shimgvw.dll” in step three above.

Related Posts

Blog Traffic Exchange Related Posts
  • Another workaround for WMF exploit There are at least two other workarounds for the Windows Meta File (WMF) exploit that I've been looking into this afternoon. These from sunbelt blog. First up... 2. Change file associations for WMF files. An equally ugly fix (but perhaps preferable) is to do the following: 1. Go to My......
  • WMF exploit situation summary... Since there's been quite a bit of flux the last couple of days I thought I'd try to "reset" the situation and give a general overview of where we stand now with regards to the recent WMF zero-day exploit. 1st there is a vulnerability in the way Windows renders WMF......
  • Zotob worm bites big media outlets According to several reports there are several big media outlets seeing what is reported as the zotob worm which exploits a Microsoft Windows vulnerability (MS05-039) disclosed last week. There seems to be no better way for something to make the news than for it to affect the companies that bring......
Blog Traffic Exchange Related Websites
  • Wordpress Backup Wordpress Backup is an essential plugin for all Wordpress blog administrators by the Blog Traffic Exchange. It performs regular backups of your upload (images) current theme, and plugin directories. Backup files are available for download and optionally emailed to a specified email. Don't get caught without a recent backup of......
  • Dress Up Google With Your Favorite Images Lately, Google seems to be trying hard to be on par with its competitors. Firstly, it acquired Orkut as a first step in social media world to compete with Facebook. Some time later, it created Chrome browser to grab browser market. At the start of this year, it came out......
  • What is Frozen Shoulder? The term “frozen shoulder” conjures up all sorts of mental images, but this term refers to an injury that is quite common. A frozen shoulder is a painful problem that results in a lack of mobility of the afflicted shoulder and it can be quite troublesome for many people. It......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site