More WMF exploit testing on Windows 98



I’ve spent some more effort on trying to infect Windows 98 SE in a virtual machine with some of the exploit samples I can find. The first attempt was at a website with the .wmf download. No luck infecting the system there. Then, I’ve loaded up the image and visited kyeu dot info/WMF/ and tried each of the files there. I don’t have a zip handler in my Windows 98 SE image so that didn’t get tested, but I’m getting nowhere here. Gif opens with Explorer and gives a red x to indicate a broken image, the text file opens as a binary file viewed in a text editor, the htm file does the same only in explorer (I see what I’d usually see if I tried to open a binary file in a web browser…) The avi opens with Media Player and complains about it being an incompatible format.


All of these have been scanned by clamav and show up as Exploit.WMF.A – so I’m dealing with the first generation of the exploit (there is detection for Exploit.WMF.B but I’m not sure how effective it is with all the .B variants.)

I can’t seem to find any good examples of a “B” exploit. I guess I could try to load metasploit and see how to generate one? I may give that a try, but this is shaping up to be quite a challenge to actually prove that Windows 98 is vulnerable to what’s going around.

So far, I would say that it’s likely that there is a vulnerability in Windows 98′s gdi32.dll, it may be that there aren’t as many easy avenues to exploit (no shimgvw.dll to work with.) There is a thumbvw.dll, but… the long and short of it is, I’m trying to get Windows 98 SE to fall for the exploit and it’s not happening on my test image.

Related Posts

Blog Traffic Exchange Related Posts
  • WMF exploit situation summary... Since there's been quite a bit of flux the last couple of days I thought I'd try to "reset" the situation and give a general overview of where we stand now with regards to the recent WMF zero-day exploit. 1st there is a vulnerability in the way Windows renders WMF......
  • Linux Permissions Headache Yikes, what an evening..... it started innocently enough in the afternoon. I have an old Mandrake 10.0 server that I was upgrading clamav on (recent security update). While I was at it, I was reviewing the anti-spam setup to see if I could get any better success with filtering junk......
  • WMF 0-day exploit There seems to be a 0-day exploit involving WMF (Windows Meta File's) according to SANS. Here's their lead-in Just when we thought that this will be another slow day, a link to a working unpatched exploit in, what looks like Windows Graphics Rendering Engine, has been posted to Bugtraq. It's......
Blog Traffic Exchange Related Websites
  • Save Money with Free Software. When I started this blog, I developed a sort of split personality. In my real life I'm a software engineer and all around computer geek. But when I sit down to write, or read a financial book or magazine, the finance driven "me" comes out. I never really noticed......
  • Free Spiritual Ebook: "The Door of Everything" by Ruby Nelson "Walk with me, the guiding voice of Father consciousness at the center of your soul, and I will lead you gently onward and raise your thoughts to the height of truth . . . Contrary to appearances, I am not a lazy God who created the world and rested,......
  • How to Install Window Boxes Window boxes add charm to any home and they are so easy to install that anyone can do it. You're going to need to get a few things together before you get started. Your tools will include: window box brackets a level that is longer than the window box you......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

2 Responses to “More WMF exploit testing on Windows 98”

  1. The PC Doctor Says:


    Much more on the WMF exploit

    A lot has happened since last night so let me try to bring you up to speed on things.
    First, Ilfak Guilfanov  (the researcher who came up with the unofficial patch) has come out with a WMF vulnerability checker to allow you to test your systems …

  2. The PC Doctor » Blog Archive » WMF exploit - Quick Guide Says:


    [...] Further research seems to show that Windows 98, Windows 98 SE and Windows ME might be harder to infect  than later versions , although they still contain the exploit and may be targeted with greater ferocity soon. [...]


Switch to our mobile site