More WMF exploit testing on Windows 98



I’ve spent some more effort on trying to infect Windows 98 SE in a virtual machine with some of the exploit samples I can find. The first attempt was at a website with the .wmf download. No luck infecting the system there. Then, I’ve loaded up the image and visited kyeu dot info/WMF/ and tried each of the files there. I don’t have a zip handler in my Windows 98 SE image so that didn’t get tested, but I’m getting nowhere here. Gif opens with Explorer and gives a red x to indicate a broken image, the text file opens as a binary file viewed in a text editor, the htm file does the same only in explorer (I see what I’d usually see if I tried to open a binary file in a web browser…) The avi opens with Media Player and complains about it being an incompatible format.


All of these have been scanned by clamav and show up as Exploit.WMF.A – so I’m dealing with the first generation of the exploit (there is detection for Exploit.WMF.B but I’m not sure how effective it is with all the .B variants.)

I can’t seem to find any good examples of a “B” exploit. I guess I could try to load metasploit and see how to generate one? I may give that a try, but this is shaping up to be quite a challenge to actually prove that Windows 98 is vulnerable to what’s going around.

So far, I would say that it’s likely that there is a vulnerability in Windows 98′s gdi32.dll, it may be that there aren’t as many easy avenues to exploit (no shimgvw.dll to work with.) There is a thumbvw.dll, but… the long and short of it is, I’m trying to get Windows 98 SE to fall for the exploit and it’s not happening on my test image.

Related Posts

Blog Traffic Exchange Related Posts
  • OpenOffice.org security update Version 2.0.3 of OpenOffice.org has been released. It includes quite a few bugfixes, including three security related fixes. The security vulnerabilities were apparently found in an internal audit. One of the improvements in 2.0.3 is an integrated update check, to be able to check for available updates directly from within......
  • WMF exploit situation summary... Since there's been quite a bit of flux the last couple of days I thought I'd try to "reset" the situation and give a general overview of where we stand now with regards to the recent WMF zero-day exploit. 1st there is a vulnerability in the way Windows renders WMF......
  • Disinfecting a PC… part 4 So, AVG has been scanning away finding things we've really got a foothold on the system and the malware has a fight on it's hands. It's good to see progress. Up to this point we've had multiple Spool32 errors (printer related). These errors are what prompted the system to be......
Blog Traffic Exchange Related Websites
  • Save Money with Free Software. When I started this blog, I developed a sort of split personality. In my real life I'm a software engineer and all around computer geek. But when I sit down to write, or read a financial book or magazine, the finance driven "me" comes out. I never really noticed......
  • How to Install Window Boxes Window boxes add charm to any home and they are so easy to install that anyone can do it. You're going to need to get a few things together before you get started. Your tools will include: window box brackets a level that is longer than the window box you......
  • Tennis Preview: The West Virginia Open Final preparations are currently being made for the West Virginia Open, the 48th of its kind, which is slated to begin on July 22 and last until July 26, and will be held at the Oglebay Tennis Center. This event is building a great amount of following, especially when you......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

2 Responses to “More WMF exploit testing on Windows 98”

  1. The PC Doctor Says:


    Much more on the WMF exploit

    A lot has happened since last night so let me try to bring you up to speed on things.
    First, Ilfak Guilfanov  (the researcher who came up with the unofficial patch) has come out with a WMF vulnerability checker to allow you to test your systems …

  2. The PC Doctor » Blog Archive » WMF exploit - Quick Guide Says:


    [...] Further research seems to show that Windows 98, Windows 98 SE and Windows ME might be harder to infect  than later versions , although they still contain the exploit and may be targeted with greater ferocity soon. [...]


Switch to our mobile site