WMF exploit and Windows 98



Most of the talk on the WMF zero-day has centered on Windows XP, 2000 and 2003. The unofficial patch is available for those three platforms. Microsoft’s (eventual) patch will likely be for those as well. Incidents.org had a comment in one of their posts that this would be a “watershed moment” for Windows 98/ME and that those users should upgrade immediately as there is little/no hope for a patch.


Unregistering the dll doesn’t work for Win98 (SE). Although the vulnerability technicically exists on Win98 and ME, I’ve not seen as easy infection on 98 as I did in XP. I loaded up a Windows 98 SE image and opened explorer to one of the sites serving up the exploit. After the page loaded a popup opened that said… “File download” and went on to say the file name was xpl.wmf type was a WMF file and it was from 85.255.113.242 – there was a warning that this type of file could harm your computer if it contains malicious code. I’m then prompted to open or save or cancel or get more info….

All this is with IE 6 SP1 on Windows 98 SE. At least it prompts. Being the curious sort…. I saved it to the desktop and then chose to open it. I was greeted with the following…. “Open with” “Click the program you want to use to open the file xpl.wmf if the program you want is not in the list click other…” so, Win98SE in this (default) install doesn’t seem capable of being infected so easily. This doesn’t mean that it’s not vulnerable per se, but the most common exploit doesn’t seem to be effective. (Would an exploit masquerading as a jpg infect the system? I’m not certain.) Would ME be affected? Possibly, I don’t have a Windows ME image to test though.

A quick look at my stats shows that just under 2% of this site’s visitors running some form of Windows, run Windows 98 (91.27% windows xp, 5.67% win2k) I suspect that windows 98 isn’t as tempting a target. That does not mean that it’s safe and certainly Windows 98 users should be considering upgrade options. Vista will be coming soon and so, your options are likely upgrade soon to Windows XP or aim towards Vista. It’s probable at this point, either would require hardware upgrades/replacements.

BTW, the same file, scanned with clamav is detected as Exploit.WMF.A

Related Posts

Blog Traffic Exchange Related Posts
  • Version 2 of the WMF exploit vs Windows 98 SE Ok, I wasn't quite satisfied with the results of the tests against the first version of the WMF (Windows Metafile) zero day exploit that's now up to 4 or 5 days or so... Windows 98 is listed as being vulnerable, but there are no patches or workarounds currently available for......
  • WMF zero-day exploit first hand experience Well, I've just spent the better part of 6 hours (maybe a bit more) "sacrificing" a virtual machine to the zero-day Windows Meta File (WMF) exploit and all the malware that comes in. I picked one site from the sunbeltblog list to infect the virtual machine with and can attest......
  • Windows 98 WMF patch This hopefully will be my last post on the whole WMF exploit stuff.... It's prompted in part by a comment on one of the articles on Windows 98 and the vulnerability. I realized that I hadn't really brought things to a full conclusion for the Windows 98 users. Of course,......
Blog Traffic Exchange Related Websites
  • Save Money with Free Software. When I started this blog, I developed a sort of split personality. In my real life I'm a software engineer and all around computer geek. But when I sit down to write, or read a financial book or magazine, the finance driven "me" comes out. I never really noticed......
  • Athlete Profiles: Pete Sampras Pete Sampras was born in 1971 and grew up in the Washington DC area of the United States. He is considered to be one of the most gifted male players in the sport and has one numerous titles, medals and cups throughout his long and illustrious career. Although he is......
  • SAINT 7.9 Product Release From Saint Newletter: Key New Features in SAINT 7.9 Vulnerability Scanner Microsoft Patch Tuesday scan policy - This scan policy checks for the latest published Microsoft Patch Tuesday vulnerabilities (2nd Tuesday of each month) New Vulnerability Check Type Coverage now includes - Blind SQL injection Flash application - Flash application......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site