vsr333 0 Report post Posted April 20, 2006 A new exploit has been discovered in the wild that affects fully patched Windows XP SP2 systems, according to reports by security firms F-Secure and Sunbelt. The malicious code takes advantage of a vulnerability in the WMF graphics rendering engine to automatically download and install malware. WMF, or Windows Metafile, is a vector based image format used by Microsoft's operating systems. SHIMGVW.DLL is loaded to render the images and contains a flaw that opens the door for a malformed WMF image to cause remote code execution and potentially allow for a full system compromise. Microsoft previously fixed a vulnerability affecting WMF and EMF files in November. That problem affected Windows 2000, XP and Windows Server 2003. "We have a number of sites that we have found with this exploit. Different sites download different spyware. We only had a handful of websites using this new exploit but now we are seeing many more using this to install bad stuff. These image files can be modified very easily to download any malware or virus," said Alex Eckelberry, CEO of Sunbelt Software. "I hit one site with a fully patched XP system last week and it was pretty intense -- it went right through and infected my machine." F-Secure's Mika Pehkonen warned that, "Right now, fully patched Windows XP SP2 machines are vulnerable, with no known patch." The company is detecting the offending WMF files as W32/PFV-Exploit.A, .B and .C. "Note that you can get infected if you visit a web site that has an image file containing the exploit. Internet Explorer users might automatically get infected. Firefox users can get infected if they decide to run or download the image file," Pehkonen added. Microsoft has been notified of the issue and it could opt to issue an emergency patch, apart from its standard Patch Tuesday security bulletins. "We expect Microsoft to issue a patch on this as soon as they can," says F-Secure. Share this post Link to post Share on other sites
StaticElectricity 8 Report post Posted April 22, 2006 My sincere apologies for just poking around, but thats old old old news man... Share this post Link to post Share on other sites
linuxguy 0 Report post Posted April 23, 2006 (edited) My sincere apologies for just poking around, but thats old old old news man... I think this is a new vulnerability. There was a similar vulnerability in the past... Edited April 23, 2006 by linuxguy Share this post Link to post Share on other sites
StaticElectricity 8 Report post Posted April 23, 2006 hmm... none that i know of... Share this post Link to post Share on other sites
Arun 795 Report post Posted April 23, 2006 This is definetely old news, but released in December 2005. Steve, please add the news source with date when you post news articles. Share this post Link to post Share on other sites
petar 15 Report post Posted April 23, 2006 F-secure issued this warning on 29 Dec, 2005.. Microsoft has released a patch long back on 5 jan,06 for same. This is a critical update found on the link given below. People with autoupdate need not worry. http://www.microsoft.com/downloads/details...&displaylang=en Share this post Link to post Share on other sites
