New WMF Exploit, Protect Your Computer!
Join the #1 Art Workshop - LevelUpJoin Premium Art Workshop

Results 1 to 5 of 5

Thread: New WMF Exploit, Protect Your Computer!

  1. #1
    Join Date
    Dec 2003
    Location
    Massachusetts, USA
    Posts
    399
    Thanks
    0
    Thanked 1 Time in 1 Post
    Follows
    0
    Following
    0

    New WMF Exploit, Protect Your Computer!

    http://blogs.washingtonpost.com/secu...t_release.html

    Apparently there is a new security flaw with Windows that is capable of opening up a computer to external attack via spyware, virii (Is that the plural of virus?), and trojans. It uses an exploit within Windows Metafile Format to do this. Basically, all Windows needs to do is parse the image. It has already been on several popular forums (even one I browsed!) and due to it's versitility is probably on many websites too to download malicious spyware.

    Internet Explorer immediately parses the image, so until a patch is out (which to my knowledge hasn't happened yet) anyone using this browser is vulnerable. Supposedly there are some ways to use this exploit using only links (not sure about this) so turning the images off may only partly protect you.

    Early versions of Firefox and Opera ask you to download the file, so just say NO! Firefox 1.5 ignores the image but still caches it, so as long as you keep emptying your cache WITHOUT looking in it you'll be reasonably safe.

    Also Google Toolbar parses the image, so even if you have Firefox 1.5 it can still attack.

    The image is dangerous even while cached, so keep clearing it (but don't look in it!). Looking in the cache may generate a thumbnail (depending on your computer settings) which will parse the image.

    So what can you do?
    -Keep on top of antivirus and Windows updates. Symantec, AVG And Macafee already have updated to defend against the exploit. Update and run these as soon as you can.
    -If you are still worried you can go to start>>run and type in (without quotes) "regsvr32 /u shimgvw.dll" this will stop Windows from rendering WMF. I did this but now I can't see thumbnails, repeat the steps with "regsvr32 shimgvw.dll" to go back to normal if you experience problems. This will not stop IE from parsing the image.
    -Use the latest version of Firefox.
    -Use a Mac (If you just happen to have one lying around)

    If anyone sees any mistakes feel free to correct me, part of my job involves securing computers but I'll be the first to admit that I don't always know what's going on with them.

    Last edited by staylor; December 29th, 2005 at 09:34 PM.
    FASTIDIOUS SKETCHFIENDS of the FANTASTIC FOURTEENTH ESCHELON
    staylor| inkfish | rodrigo! | ah.heng | maxetormer | bRØk3n_sPiRiT | Max1975 | ZebzFree

    TURBOFANATIC
    Reply With Quote Reply With Quote  

  2. #2
    Join Date
    Sep 2005
    Location
    Australia
    Posts
    1,173
    Thanks
    22
    Thanked 98 Times in 35 Posts
    Follows
    0
    Following
    0
    I can verify that this exploit exists

    http://www.microsoft.com/technet/sec...ry/912840.mspx

    I'm astounded that WMF isn't deprecated yet

    Reply With Quote Reply With Quote  

  3. #3
    Join Date
    Jan 2004
    Location
    Oakville, ON
    Posts
    1,989
    Thanks
    0
    Thanked 3 Times in 2 Posts
    Follows
    0
    Following
    0
    ********************************
    There are 3 sides to every story. Yours, mine and THE TRUTH.
    Reply With Quote Reply With Quote  

  4. #4
    Join Date
    Sep 2005
    Location
    Australia
    Posts
    1,173
    Thanks
    22
    Thanked 98 Times in 35 Posts
    Follows
    0
    Following
    0
    This could be a real big problem. Just imagine if someone worked a malformed WMF onto the front page of a highly trafficked site...

    Hmmm... My brother got hit by it 2 days ago. Though it's just another addition to his collection of spyware, viruses etc...

    Reply With Quote Reply With Quote  

  5. #5
    Join Date
    Sep 2004
    Posts
    1,350
    Thanks
    17
    Thanked 118 Times in 69 Posts
    Follows
    0
    Following
    0
    http://www.winpatrol.com/

    http://free.grisoft.com/freeweb.php/doc/2/
    I wouldn't wait to buy, just download these now and install.

    http://www.mvps.org/winhelp2002/security.htm
    Read this and get yourself a fire wall.

    I use freeware, and AVG does kick ass.

    My New Neglected Sketchbook
    You Ain't no Nina!.....

    "Too often we... enjoy the comfort of opinion without the discomfort of thought." -- John Fitzgerald Kennedy
    "My mind is made up. Don't confuse it with facts." -- Terence McKenna
    Reply With Quote Reply With Quote  

Members who have read this thread: 0

There are no members to list at the moment.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •