Geekzone: technology news, blogs, forums
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Workaround for the WMF Vulnerability
Posted on 29-Dec-2005 13:40 by M Freitas. | Tags Filed under: Blog.

There is a very serious security vulnerability going around right now, and it will infect computers by downloading trojan malware if you visit a malicious website with a specially formed image file (WMF), or show an infected .wmf file on your e-mail or your hard disk.

The exploit is currently being used to distribute the Trojan-Downloader.Win32.Agent.abs, Trojan-Dropper.Win32.Small.zp, and Trojan.Win32.Small.ev.

F-Secure has more information here and here. More information is available from Secunia as well.

Some sites with this exploit are crackz [dot] ws, unionseek [dot] com, www.tfcco [dot] com, Iframeurl [dot] biz, beehappyy [dot] biz. These should be blocked at your proxy or DNS Hosts file.

A workaround (while Microsoft does not release a patch) is to un-register the library processing these files by running regsvr32 /u shimgvw.dll from the command line. This will prevent your PC being infected, but it will also remove the ability to show thumbnails in File Explorer. Once Microsoft has released a patch you can restablish this library by running regsvr32 shimgvw.dll.

You should also not open or preview untrusted ".wmf" files and set security level to "High" in Microsoft Internet Explorer.

Systems affected include:

  • Microsoft Windows Server 2003 Datacenter Edition
  • Microsoft Windows Server 2003 Enterprise Edition
  • Microsoft Windows Server 2003 Standard Edition
  • Microsoft Windows Server 2003 Web Edition
  • Microsoft Windows Small Business Server 2003
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows Small Business Server 2003
  • Microsoft Windows Storage Server 2003
  • Microsoft Windows XP Tablet PC
  • Microsoft Windows XP Media Center 2004/2005
  • Microsoft Windows Server 2003 R2 Enterprise Edition
  • Microsoft Windows Server 2003 R2 Standard Edition

  • comments powered by Disqus

    Trending now »

    Hot discussions in our forums right now:

    Gareth Morgan is a genius
    Created by Satch, last reply by Geektastic on 10-Dec-2016 16:18 (176 replies)
    Pages... 10 11 12

    NZ Prime Minister John Key Resigns
    Created by ajobbins, last reply by dafman on 10-Dec-2016 16:13 (221 replies)
    Pages... 13 14 15

    The President Of The USA - Who do you think?
    Created by TimA, last reply by DarthKermit on 10-Dec-2016 20:29 (913 replies)
    Pages... 59 60 61

    Spark wireless broadband and home /lan access: CGNAT limitations
    Created by yokkem, last reply by BarTender on 8-Dec-2016 15:57 (19 replies)
    Pages... 2

    Spark not planning to deploy native IPv6 at all. Ever.
    Created by Erayd, last reply by sbiddle on 7-Dec-2016 20:57 (19 replies)
    Pages... 2

    Woooaaahh earthquake 2016-11-14
    Created by Fred99, last reply by DarthKermit on 9-Dec-2016 16:16 (471 replies)
    Pages... 30 31 32

    Wilson's Car Park - When Free is not free
    Created by nzkiwiman, last reply by cr250bromo on 9-Dec-2016 09:30 (51 replies)
    Pages... 2 3 4

    JB Hifi Cost & GST Sale - 7th Dec
    Created by Finch, last reply by Kopkiwi on 7-Dec-2016 15:11 (16 replies)
    Pages... 2