WMF exploit vs. Windows 98 again…



If you’ve visited here in the last few days, you’ll have noticed that I’ve been trying to test the WMF exploit against a Windows 98 Virtual machine since January 1st. I initially started out with a default install, which didn’t work, (for the exploit), then added irfanview (didn’t work), tried the exploit as a jpg, gif, htm, doc file extension, (didn’t work) and then this morning saw that I’m not the only one that’s been testing this….


Several sites are reporting that iDefense has studied how easy it is for earlier Windows versions to be affected and it seems that we have all come to similar conclusions – that it is not as easy for earlier versions of windows to be affected by this exploit.

I saw a comment in one of Larry Seltzer’s posts that IF Windows 98 had Microsoft Office 97 or newer installed AND had folder “enable thumbnail view” enabled AND in View, folder options had Web view” under Windows Desktop Update, THEN it would be affected. I still can’t seem to verify this. I even pulled Microsoft Photo Editor from the Office CD and added that to my install. I haven’t added any service packs from the original Office 97 Professional CD.

True, earlier versions of Windows contain the code that this bug is in, but it takes another dll call to exploit it (the bug itself is in gdi32.dll) (shimgv.dll apparently makes the call to exploit it, but there may be other calls to it = for instance Lotus Notes was shown as vulnerable EVEN with the dll unregistered.)

Oh – one other thing I’ve tested from a comment on one of the earlier posts is using Internet Explorer to view the wmf by including it as an image in a web page… img=bad.wmf… still didn’t seem to do anything.

Related Posts

Blog Traffic Exchange Related Posts
  • Update on the Internet Explorer VML vulnerability Just catching up on the days VML vulnerability news from today.... It looks as though... the exploit is now MUCH more widespread this blog has some video of an infection, what's notable is that the first take was VERY UNEVENTFUL, it was used to stealthily install a keylogger. (So that......
  • Antivirus scanning update for WMF I hung on to the last batch of 20 wmf exploit samples I had been working with for the purpose of testing my clamantivirus install against them to see when "full detection" of all 20 had been acheived. Last night, with version 1227 of the daily.cvd database, they were still......
  • WMF patch from Microsoft expected January 10th The Microsoft security bulletin on the WMF vulnerability has been updated to indicate that Microsoft expects to release an update for the issue in their regular patch release on January 10th. The first couple paragraphs strike me as a bit defensive. Explaining about their immediate mobilization of Incident Response and......
Blog Traffic Exchange Related Websites
  • WordPress in Depth Need a Manual for WordPress? WordPress has grown into the number 1 blogging tool in its category: several million bloggers have downloaded this powerful open source software, and millions more are using WordPress.com’s hosted services. Thirty-two of Technorati’s Top 100 blogs now use WordPress. WordPress InDepth, 2nd edition is a......
  • Microsoft Security Advisory (2286198): Vulnerability in Windows Shell Could Allow Remote Code Execution Vulnerability in Windows Shell Could Allow Remote Code Execution Published: July 16, 2010 Version: 1.0 General Information Executive Summary Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows. This advisory contains information about which versions of Windows are vulnerable as......
  • How to Replace Window Screens Windows screens may look tough, but many times they are all too fragile. One small tear can mean a house filled with bugs, but thankfully, it’s easy enough to fix them if you have the right tools. Here’s a quick guide to replacing and repairing window screens that anyone can......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Leave a Reply

You must be logged in to post a comment.


Switch to our mobile site