Author Topic: VIRUS ALERT - WMF Vulnerability (Read 3350 times)

XtremeBain · « **on:** January 01, 2006, 02:39:59 PM »

The past few days an exploit has surfaced which can bring your Windows operating system (all versions) to it's knees through day to day tasks such as harmless web browsing, email, P2P, instant messaging. The exploit surrounds the rendering engine used to display WMF files, however these files can be crafted and carry popular extensions like .jpg, .gif, .png, etc. This vulnerability is currently unpatched by Microsoft and indications have been that Microsoft will likely not have a patch available until Jan. 9th at the earliest.

Please note, this affects Windows regardless of version or service pack, and AntiVirus tools are being easily defeated by these viruses.

The SANS Internet Storm Center have increased the Infocon level to Yellow(this is actually pretty significant) and are advising users to apply an UNofficial patch available at http://handlers.sans.org/tliston/wmffix_hexblog13.exe

For more information please see: http://isc.sans.org/diary.php?storyid=994

Eiii · « **Reply #1 on:** January 01, 2006, 03:45:23 PM »

Until I hear of someone that has actually suffered because of this, I won't believe it.
Anything that's posted in the 'General Bullexcrement' section of the SomethingAwful forums... *shivers*

jitspoe · « **Reply #2 on:** January 01, 2006, 09:23:59 PM »

I think I'll wait for an official patch, but thanks for pointing it out.

jitspoe · « **Reply #3 on:** January 03, 2006, 12:40:38 PM »

Here's another possible fix, start|run:
regsvr32 -u %windir%\system32\shimgvw.dll

jitspoe · « **Reply #4 on:** January 03, 2006, 04:55:22 PM »

Another fix attached.

Eiii · « **Reply #5 on:** January 03, 2006, 05:34:21 PM »

Is there any proof that this virus actually exists?

jitspoe · « **Reply #6 on:** January 03, 2006, 06:01:10 PM »

That's a dangerous request -- I ask kindly that nobody post links to pages actually using the exploit.

Eiii · « **Reply #7 on:** January 03, 2006, 06:35:29 PM »

No, not the actual virus. Anyway, I've been driven to believe that it exists, since microsoft acknowledged it.

IronFist · « **Reply #8 on:** January 04, 2006, 01:09:31 PM »

Post removed

jitspoe · « **Reply #9 on:** January 06, 2006, 12:39:28 PM »

There's an official patch out, if you do a windows update, you should see one called "KB912919". That fixes the vulnerability. If you ran the previous patches, you can uninstall them by:

Start | Control Panel | Add/Remove Programs | WMFHotFix, MSI Version 1, HotFix Version 14

and Start | Run | regsvr32 %windir%\system32\shimgvw.dll

mewa · « **Reply #10 on:** January 15, 2010, 07:23:26 AM »

i came across this old post and thought eiii was so darn funny here it was worth revival. enjoy!

Eiii · « **Reply #11 on:** January 18, 2010, 03:50:49 AM »

no meddling clue what I was thinking here. Thanks mewa! :3

Digital Paint Discussion Board

Author Topic: VIRUS ALERT - WMF Vulnerability (Read 3350 times)

XtremeBain

VIRUS ALERT - WMF Vulnerability

Eiii

Re: VIRUS ALERT - WMF Vulnerability

jitspoe

Re: VIRUS ALERT - WMF Vulnerability

jitspoe

Re: VIRUS ALERT - WMF Vulnerability

jitspoe

Re: VIRUS ALERT - WMF Vulnerability

Eiii

Re: VIRUS ALERT - WMF Vulnerability

jitspoe

Re: VIRUS ALERT - WMF Vulnerability

Eiii

Re: VIRUS ALERT - WMF Vulnerability

IronFist

_

jitspoe

Re: VIRUS ALERT - WMF Vulnerability

mewa

Re: VIRUS ALERT - WMF Vulnerability

Eiii

Re: VIRUS ALERT - WMF Vulnerability