WMF exploit vs. Windows 98 again…
If you’ve visited here in the last few days, you’ll have noticed that I’ve been trying to test the WMF exploit against a Windows 98 Virtual machine since January 1st. I initially started out with a default install, which didn’t work, (for the exploit), then added irfanview (didn’t work), tried the exploit as a jpg, gif, htm, doc file extension, (didn’t work) and then this morning saw that I’m not the only one that’s been testing this….
Several sites are reporting that iDefense has studied how easy it is for earlier Windows versions to be affected and it seems that we have all come to similar conclusions – that it is not as easy for earlier versions of windows to be affected by this exploit.
I saw a comment in one of Larry Seltzer’s posts that IF Windows 98 had Microsoft Office 97 or newer installed AND had folder “enable thumbnail view” enabled AND in View, folder options had Web view” under Windows Desktop Update, THEN it would be affected. I still can’t seem to verify this. I even pulled Microsoft Photo Editor from the Office CD and added that to my install. I haven’t added any service packs from the original Office 97 Professional CD.
True, earlier versions of Windows contain the code that this bug is in, but it takes another dll call to exploit it (the bug itself is in gdi32.dll) (shimgv.dll apparently makes the call to exploit it, but there may be other calls to it = for instance Lotus Notes was shown as vulnerable EVEN with the dll unregistered.)
Oh – one other thing I’ve tested from a comment on one of the earlier posts is using Internet Explorer to view the wmf by including it as an image in a web page… img=bad.wmf… still didn’t seem to do anything.
Popularity: 1% [?]
Related Posts - WMF exploit virus detection revisited Yesterday, when I was testing the WMF exploit against a Windows 98 virtual machine, I sent samples through virus total and the only antivirus product to detect each of them was "TheHacker" from hacksoft. This evening I was revisiting the exploit (with the new rule for metasploit) and saved 20......
- More WMF exploit testing on Windows 98 I've spent some more effort on trying to infect Windows 98 SE in a virtual machine with some of the exploit samples I can find. The first attempt was at a website with the .wmf download. No luck infecting the system there. Then, I've loaded up the image and visited......
- Update on Internet Explorer Zero Day exploit Yesterday I mentioned a SANS report on a possible zero day exploit against Internet Explorer. Today they have more details in the handlers diary. Among other things SANS has issued a patch for it. Essentially the zero day (or previously unknown) vulnerability deals with a .Net framework file, msdds.dll .......
Related Websites - Cadillac Escalade Hybrid 2009 The Cadillac Escalade line of vehicles has recently released its newest incarnation, the Cadillac Escalade Hybrid 2009. This is a green hybrid electric vehicle that is based on Escalade's proprietary two mode hybrid system. The Cadillac Escalade Hybrid SUV is the first hybrid entering into the full size luxury SUV......
- How to Replace Window Screens Windows screens may look tough, but many times they are all too fragile. One small tear can mean a house filled with bugs, but thankfully, it’s easy enough to fix them if you have the right tools. Here’s a quick guide to replacing and repairing window screens that anyone can......
- New Main Window Options The latest version has a new viewing option, which includes a header window showing the keyword prompt and, for new kanji, the kanji itself in a large font. This may suit users who found that the kanji in the title bar was too small, or who are not used to......
Similar Posts
- Windows 98 and the WMF exploit
- WMF vulnerability advisory update
- WMF exploit testing on Windows 98
- Powerpoint vulnerability (August 2006)
- Windows 98 WMF patch