Microsoft Windows Security Warning

  sjbell 16:57 28 Dec 05

Just seen this over on the Secunia website (click here)

A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error in the handling of corrupted Windows Metafile files (".wmf"). This can be exploited to execute arbitrary code by tricking a user into opening a malicious ".wmf" file in "Windows Picture and Fax Viewer" or previewing a malicious ".wmf" file in explorer (i.e. selecting the file). This can also be exploited automatically when a user visits a malicious web site using Microsoft Internet Explorer.

NOTE: Exploit code is publicly available. This is being exploited in the wild.

The vulnerability has been confirmed on a fully patched system running Microsoft Windows XP SP2. Microsoft Windows XP SP1 and Microsoft Windows Server 2003 SP0 / SP1 are reportedly also affected. Other platforms may also be affected.

Do not open or preview untrusted ".wmf" files and set security level to "High" in Microsoft Internet Explorer.

  sjbell 17:07 28 Dec 05

'J B' has further details in his post (click here)

  sjbell 17:41 28 Dec 05

More at about.com: click here

  Number 7 18:52 28 Dec 05

NOD32 has patched the exploit, and no doubt the other AV vendors have/will do the same.

Reference for NOD32 users: click here

  SG Atlantis® 19:34 28 Dec 05

I have Nero PhotoSnap as my default image viewer.

So am I safe?

  Number 7 20:51 28 Dec 05

No, you're not.

The exploit is in the operating system.

It doesn't matter which App you use.

  SG Atlantis® 20:58 28 Dec 05

:( Following the above guidelines. Thanks, sjbell, for making us aware.

  PaulB2005 23:17 28 Dec 05

No they haven't. It just detects the corrupted files and stops them. The OS is still vulnerable if NOD32 is removed.

  Number 7 23:52 28 Dec 05

Windows XP is more vulnerable if SP2 is removed, never mind an AV.

A user's AV doesn't detect the "corrupted" files by the way, the AV detects the use of the particular exploit.

Your AV will probably detect the exploit as Trojan something or other; that's the way AVs deal with OS exploits.

  sjbell 08:58 29 Dec 05


  J B 11:16 29 Dec 05

This is a work-around that I found at click here. You can either read it here or go to the website to verify.

Update: One way to prevent this exploit from working is to disable the Windows Picture and Fax Viewer component. To do so, click Start, Run. In the Open box, type the following command:

regsvr32 /u shimgvw.dll

Press Enter to make the change.

This measure isn’t without side effects. Disabling this component eliminates the capability to view thumbnails of all image types (not just WMF files) in Windows Explorer folders, and it zaps the Preview command for images as well. You can work around these limitations by using a graphics viewing/editing program.

To re-enable the Windows Picture and Fax Viewer, issue this command:

regsvr32 shimgvw.dll

Hope this little copy and paste helps.

J.B.
