Third Party WMF patch



The F-secure blog is reporting on a third party patch for the WMF exploit. I have not tested it, it seems to come from a knowledgable source though. As I’m writing this though, the thought strikes me that a really nasty trick would be a claimed fix that actually exploited the vulnerability. It pays to check up on the source of ANY third-party fix for Windows (or any other operating system or software suite…) Anyway, this seems to be a good source though. He’s the primary author of IDA Pro (Interactive Disassembler Pro).


For someone htat’s REALLY anxious for a fix other than the unregister workaround this looks like a good option. He describes it in the blog post linked to above. It basically is a dll that hooks into user32.dll and disables the SETABORT escape sequence in gdi32.dll

His fix is currently available only for Windows XP SP2 (64-bit as well) it will have an entry in add/remove programs. He suggests to remove it 1) if you have any problems with it and 2) when Microsoft patches the bug. In other words, when MS patches the problem uninstall this and install their patch.

It does not cause the problems with image browsing that the registry workaround does. He’s also asking for input on any experience with the patch (i.e. does this break anything?) The expected disclaimers for this apply…. (no responsibility for system breakage – read and decide for yourself if you want to try this.)

   Send article as PDF   

Similar Posts