Topic: VIRUS ALERT - WMF Vulnerability

XtremeBain

  • Developer
  • Autococker
  • Posts: 1470
VIRUS ALERT - WMF Vulnerability
« on: January 01, 2006, 02:39:59 PM »
The past few days an exploit has surfaced which can bring your Windows operating system (all versions) to its knees through day to day tasks such as harmless web browsing, email, P2P, instant messaging.  The exploit surrounds the rendering engine used to display WMF files; however, these files can be crafted and carry popular extensions like .jpg, .gif, .png, etc.  This vulnerability is currently unpatched by Microsoft and indications have been that Microsoft will likely not have a patch available until Jan. 9th at the earliest.

Please note, this affects Windows regardless of version or service pack, and AntiVirus tools are being easily defeated by these viruses.

The SANS Internet Storm Center have increased the Infocon level to Yellow (this is actually pretty significant) and are advising users to apply an UNofficial patch available at http://handlers.sans.org/tliston/wmffix_hexblog13.exe

For more information please see: http://isc.sans.org/diary.php?storyid=994
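
The opening post notes that a WMF file can carry a .jpg, .gif or .png extension, so the extension says nothing about how the file will be rendered. The following is an added example, not part of the original thread or any vendor tool: a defensive check that flags files whose extension claims another image type while the leading bytes are a WMF header. The function names, extension list and sample bytes are constructed for illustration; a hit means a format mismatch worth inspecting, not proof of an exploit.

```python
import os
import struct

# Aldus placeable-metafile key 0x9AC6CDD7, stored little-endian.
PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"
# Extensions that claim a non-WMF image format (illustrative list, an assumption).
IMAGE_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp"}
HEADER_BYTES = 22  # enough for either header variant


def looks_like_wmf(head: bytes) -> bool:
    """True if the leading bytes match a placeable or standard WMF header."""
    if head[:4] == PLACEABLE_KEY:
        return True
    if len(head) < 6:
        return False
    # Standard header: type (1=memory, 2=disk), header size in words (9), version.
    ftype, hsize, version = struct.unpack_from("<HHH", head)
    return ftype in (1, 2) and hsize == 9 and version in (0x0100, 0x0300)


def find_disguised_wmf(files):
    """files: iterable of (name, leading bytes); returns names whose extension
    claims another image type while the content starts with a WMF header."""
    return [name for name, head in files
            if os.path.splitext(name)[1].lower() in IMAGE_EXTS
            and looks_like_wmf(head)]


def scan_tree(root):
    """Walk a directory and apply the same check to files on disk."""
    def heads():
        for dirpath, _dirs, names in os.walk(root):
            for n in names:
                path = os.path.join(dirpath, n)
                try:
                    with open(path, "rb") as fh:
                        yield path, fh.read(HEADER_BYTES)
                except OSError:
                    continue  # unreadable file: skip, do not abort the scan
    return find_disguised_wmf(heads())


# Constructed sample headers (not taken from any real file).
SAMPLES = [
    ("holiday.jpg", PLACEABLE_KEY + b"\x00" * 18),
    ("chart.gif", struct.pack("<HHH", 1, 9, 0x0300) + b"\x00" * 12),
    ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),
    ("logo.png", b"\x89PNG\r\n\x1a\n"),
    ("drawing.wmf", PLACEABLE_KEY + b"\x00" * 18),
]

if __name__ == "__main__":
    print(find_disguised_wmf(SAMPLES))
```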

Eiii

  • Autococker
  • Posts: 4595
Re: VIRUS ALERT - WMF Vulnerability
« Reply #1 on: January 01, 2006, 03:45:23 PM »
Until I hear of someone that has actually suffered because of this, I won't believe it.
Anything that's posted in the 'General Bullexcrement' section of the SomethingAwful forums... *shivers*

jitspoe

  • Administrator
  • Autococker
  • Posts: 18802
Re: VIRUS ALERT - WMF Vulnerability
« Reply #2 on: January 01, 2006, 09:23:59 PM »
I think I'll wait for an official patch, but thanks for pointing it out.

jitspoe

  • Administrator
  • Autococker
  • Posts: 18802
Re: VIRUS ALERT - WMF Vulnerability
« Reply #3 on: January 03, 2006, 12:40:38 PM »
Here's another possible fix, start|run:
regsvr32 -u %windir%\system32\shimgvw.dll

jitspoe

  • Administrator
  • Autococker
  • Posts: 18802
Re: VIRUS ALERT - WMF Vulnerability
« Reply #4 on: January 03, 2006, 04:55:22 PM »
Another fix attached.

Eiii

  • Autococker
  • Posts: 4595
Re: VIRUS ALERT - WMF Vulnerability
« Reply #5 on: January 03, 2006, 05:34:21 PM »
Is there any proof that this virus actually exists?

jitspoe

  • Administrator
  • Autococker
  • Posts: 18802
Re: VIRUS ALERT - WMF Vulnerability
« Reply #6 on: January 03, 2006, 06:01:10 PM »
That's a dangerous request -- I ask kindly that nobody post links to pages actually using the exploit.

Eiii

  • Autococker
  • Posts: 4595
Re: VIRUS ALERT - WMF Vulnerability
« Reply #7 on: January 03, 2006, 06:35:29 PM »
No, not the actual virus. Anyway, I've been driven to believe that it exists, since Microsoft acknowledged it.

IronFist

  • Autococker
  • Posts: 1304
_
« Reply #8 on: January 04, 2006, 01:09:31 PM »
Post removed
« Last Edit: July 25, 2010, 10:57:35 PM by IronFist »

jitspoe

  • Administrator
  • Autococker
  • Posts: 18802
Re: VIRUS ALERT - WMF Vulnerability
« Reply #9 on: January 06, 2006, 12:39:28 PM »
There's an official patch out. If you do a Windows Update, you should see one called "KB912919".  That fixes the vulnerability.  If you ran the previous patches, you can uninstall them by:

Start | Control Panel | Add/Remove Programs | WMFHotFix, MSI Version 1, HotFix Version 14

and Start | Run | regsvr32 %windir%\system32\shimgvw.dll

mewa

  • 68 Carbine
  • Posts: 277
Re: VIRUS ALERT - WMF Vulnerability
« Reply #10 on: January 15, 2010, 07:23:26 AM »
I came across this old post and thought Eiii was so darn funny here it was worth revival. Enjoy!

Eiii

  • Autococker
  • Posts: 4595
Re: VIRUS ALERT - WMF Vulnerability
« Reply #11 on: January 18, 2010, 03:50:49 AM »
no meddling clue what I was thinking here. Thanks mewa! :3