More WMF exploit testing on Windows 98

I’ve spent some more effort on trying to infect Windows 98 SE in a virtual machine with some of the exploit samples I can find. The first attempt was at a website with the .wmf download. No luck infecting the system there. Then, I’ve loaded up the image and visited kyeu dot info/WMF/ and tried each of the files there. I don’t have a zip handler in my Windows 98 SE image so that didn’t get tested, but I’m getting nowhere here. Gif opens with Explorer and gives a red x to indicate a broken image, the text file opens as a binary file viewed in a text editor, the htm file does the same only in explorer (I see what I’d usually see if I tried to open a binary file in a web browser…) The avi opens with Media Player and complains about it being an incompatible format.

All of these have been scanned by clamav and show up as Exploit.WMF.A – so I’m dealing with the first generation of the exploit (there is detection for Exploit.WMF.B but I’m not sure how effective it is with all the .B variants.)

I can’t seem to find any good examples of a “B” exploit. I guess I could try to load metasploit and see how to generate one? I may give that a try, but this is shaping up to be quite a challenge to actually prove that Windows 98 is vulnerable to what’s going around.

So far, I would say that it’s likely that there is a vulnerability in Windows 98’s gdi32.dll, it may be that there aren’t as many easy avenues to exploit (no shimgvw.dll to work with.) There is a thumbvw.dll, but… the long and short of it is, I’m trying to get Windows 98 SE to fall for the exploit and it’s not happening on my test image.

   Send article as PDF   

Similar Posts