WMF exploit and Windows 98



Most of the talk on the WMF zero-day has centered on Windows XP, 2000 and 2003. The unofficial patch is available for those three platforms. Microsoft’s (eventual) patch will likely be for those as well. Incidents.org had a comment in one of their posts that this would be a “watershed moment” for Windows 98/ME and that those users should upgrade immediately as there is little/no hope for a patch.


Unregistering the dll doesn’t work for Win98 (SE). Although the vulnerability technicically exists on Win98 and ME, I’ve not seen as easy infection on 98 as I did in XP. I loaded up a Windows 98 SE image and opened explorer to one of the sites serving up the exploit. After the page loaded a popup opened that said… “File download” and went on to say the file name was xpl.wmf type was a WMF file and it was from 85.255.113.242 – there was a warning that this type of file could harm your computer if it contains malicious code. I’m then prompted to open or save or cancel or get more info….

All this is with IE 6 SP1 on Windows 98 SE. At least it prompts. Being the curious sort…. I saved it to the desktop and then chose to open it. I was greeted with the following…. “Open with” “Click the program you want to use to open the file xpl.wmf if the program you want is not in the list click other…” so, Win98SE in this (default) install doesn’t seem capable of being infected so easily. This doesn’t mean that it’s not vulnerable per se, but the most common exploit doesn’t seem to be effective. (Would an exploit masquerading as a jpg infect the system? I’m not certain.) Would ME be affected? Possibly, I don’t have a Windows ME image to test though.

A quick look at my stats shows that just under 2% of this site’s visitors running some form of Windows, run Windows 98 (91.27% windows xp, 5.67% win2k) I suspect that windows 98 isn’t as tempting a target. That does not mean that it’s safe and certainly Windows 98 users should be considering upgrade options. Vista will be coming soon and so, your options are likely upgrade soon to Windows XP or aim towards Vista. It’s probable at this point, either would require hardware upgrades/replacements.

BTW, the same file, scanned with clamav is detected as Exploit.WMF.A

Related Posts

Blog Traffic Exchange Related Posts
  • Another workaround for WMF exploit There are at least two other workarounds for the Windows Meta File (WMF) exploit that I've been looking into this afternoon. These from sunbelt blog. First up... 2. Change file associations for WMF files. An equally ugly fix (but perhaps preferable) is to do the following: 1. Go to My......
  • Cleaning up after WMF Exploit - summary Can I say enough times that after a bad trojan infestation you should format and reinstall? I've cleaned up the infested image that I "sacrificed" to the WMF exploit and as I've said you're pestware install will likely be somewhat different. An exploit is just the road, the spyware and......
  • WMF exploit testing on Windows 98 I had hoped to get in another test of Windows 98 with yet another WMF viewer (tried Kodak imaging, and irfanview). So far I haven't seen a way that the WMF exploits can work on Windows 98 SE. I'm running out of time before I have to run to some......
Blog Traffic Exchange Related Websites
  • 10 Windows 7 Tips So far, Windows 7 is the bee's knees.  The more I find out, the more I like, which is saying a lot - with operating systems, it's usually the other way around! Here are a few things that make Windows 7 neat.  Big thanks to Tim Sneath for most of......
  • Introducing the NASDAQ OMX Government Relief Index. File under: "huh"? I'm not sure why, but Nasdaq has released a "New Benchmark Tracks Companies That are Participating in the U.S. Government's Financial Relief Plan". It's called the "NASDAQ OMX Government Relief Index" and it's ticker is QGRI. My first thought is, "Why?" I mean, these banks are......
  • Save Money with Free Software. When I started this blog, I developed a sort of split personality. In my real life I'm a software engineer and all around computer geek. But when I sit down to write, or read a financial book or magazine, the finance driven "me" comes out. I never really noticed......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site