More WMF exploit testing on Windows 98



I’ve spent some more effort on trying to infect Windows 98 SE in a virtual machine with some of the exploit samples I can find. The first attempt was at a website with the .wmf download. No luck infecting the system there. Then, I’ve loaded up the image and visited kyeu dot info/WMF/ and tried each of the files there. I don’t have a zip handler in my Windows 98 SE image so that didn’t get tested, but I’m getting nowhere here. Gif opens with Explorer and gives a red x to indicate a broken image, the text file opens as a binary file viewed in a text editor, the htm file does the same only in explorer (I see what I’d usually see if I tried to open a binary file in a web browser…) The avi opens with Media Player and complains about it being an incompatible format.


All of these have been scanned by clamav and show up as Exploit.WMF.A – so I’m dealing with the first generation of the exploit (there is detection for Exploit.WMF.B but I’m not sure how effective it is with all the .B variants.)

I can’t seem to find any good examples of a “B” exploit. I guess I could try to load metasploit and see how to generate one? I may give that a try, but this is shaping up to be quite a challenge to actually prove that Windows 98 is vulnerable to what’s going around.

So far, I would say that it’s likely that there is a vulnerability in Windows 98′s gdi32.dll, it may be that there aren’t as many easy avenues to exploit (no shimgvw.dll to work with.) There is a thumbvw.dll, but… the long and short of it is, I’m trying to get Windows 98 SE to fall for the exploit and it’s not happening on my test image.

Related Posts

Blog Traffic Exchange Related Posts
  • WMF exploit situation summary... Since there's been quite a bit of flux the last couple of days I thought I'd try to "reset" the situation and give a general overview of where we stand now with regards to the recent WMF zero-day exploit. 1st there is a vulnerability in the way Windows renders WMF......
  • Update on the Internet Explorer VML vulnerability Just catching up on the days VML vulnerability news from today.... It looks as though... the exploit is now MUCH more widespread this blog has some video of an infection, what's notable is that the first take was VERY UNEVENTFUL, it was used to stealthily install a keylogger. (So that......
  • WMF 0-day exploit There seems to be a 0-day exploit involving WMF (Windows Meta File's) according to SANS. Here's their lead-in Just when we thought that this will be another slow day, a link to a working unpatched exploit in, what looks like Windows Graphics Rendering Engine, has been posted to Bugtraq. It's......
Blog Traffic Exchange Related Websites
  • How to Install Window Boxes Window boxes add charm to any home and they are so easy to install that anyone can do it. You're going to need to get a few things together before you get started. Your tools will include: window box brackets a level that is longer than the window box you......
  • Tennis Preview: The West Virginia Open Final preparations are currently being made for the West Virginia Open, the 48th of its kind, which is slated to begin on July 22 and last until July 26, and will be held at the Oglebay Tennis Center. This event is building a great amount of following, especially when you......
  • Free Spiritual Ebook: "The Door of Everything" by Ruby Nelson "Walk with me, the guiding voice of Father consciousness at the center of your soul, and I will lead you gently onward and raise your thoughts to the height of truth . . . Contrary to appearances, I am not a lazy God who created the world and rested,......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

2 Responses to “More WMF exploit testing on Windows 98”

  1. The PC Doctor Says:


    Much more on the WMF exploit

    A lot has happened since last night so let me try to bring you up to speed on things.
    First, Ilfak Guilfanov  (the researcher who came up with the unofficial patch) has come out with a WMF vulnerability checker to allow you to test your systems …

  2. The PC Doctor » Blog Archive » WMF exploit - Quick Guide Says:


    [...] Further research seems to show that Windows 98, Windows 98 SE and Windows ME might be harder to infect  than later versions , although they still contain the exploit and may be targeted with greater ferocity soon. [...]


Switch to our mobile site