Brandon
Posted December 28, 2005 (edited)

Story published by Secunia
Source: H D Moore

A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error in the handling of Windows Metafile files (".wmf") containing specially crafted SETABORTPROC "Escape" records. Such records allow an arbitrary user-defined function to be executed when the rendering of a WMF file fails. This can be exploited to execute arbitrary code by tricking a user into opening a malicious ".wmf" file in "Windows Picture and Fax Viewer" or previewing a malicious ".wmf" file in explorer (i.e. opening a folder containing a malicious image file).

The vulnerability can also be exploited automatically when a user visits a malicious web site using Microsoft Internet Explorer.

NOTE: Exploit code is publicly available. This is being exploited in the wild. The vulnerability can also be triggered from explorer if the malicious file has been saved to a folder and renamed to other image file extensions like ".jpg", ".gif", ".tif", and ".png" etc.

The vulnerability has been confirmed on a fully patched system running Microsoft Windows XP SP2. Microsoft Windows XP SP1 and Microsoft Windows Server 2003 SP0 / SP1 are reportedly also affected. Other platforms may also be affected.

Solution:

Do not save, open or preview untrusted image files from email or other sources, or open untrusted folders and network shares in explorer.

Set security level to "High" in Microsoft Internet Explorer to prevent automatic exploitation.

The risks can be mitigated by unregistering "Shimgvw.dll". However, this will disable certain functionalities. Secunia do not recommend the use of this workaround on production systems until it has been thoroughly tested.

Secunia Advisory

Edited December 29, 2005 by Brandon
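The advisory above notes that a renamed file (".jpg", ".gif", and so on) still triggers the flaw, so a check has to read content rather than the extension. As an added example (not part of the original post or the Secunia advisory), this Python sketch walks the record list of a file and reports SETABORTPROC Escape records; the header layout and numeric constants come from the published WMF format, and the function name and sample byte strings are constructed for illustration.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7   # magic of the optional 22-byte placeable header
META_ESCAPE = 0x0626         # RecordFunction value of an Escape record
SETABORTPROC = 0x0009        # EscapeFunction named in the advisory


def find_setabortproc(data):
    """Return byte offsets of SETABORTPROC Escape records; [] if none are
    found or the data does not parse as a WMF (whatever the file is named)."""
    pos = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        pos = 22
    if len(data) < pos + 18:
        return []
    ftype, hdr_words, version = struct.unpack_from("<HHH", data, pos)
    if ftype not in (1, 2) or hdr_words != 9 or version not in (0x0100, 0x0300):
        return []
    pos += 18
    hits = []
    while pos + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, pos)
        if size_words < 3:        # malformed size: stop instead of looping forever
            break
        if func == META_ESCAPE and pos + 8 <= len(data):
            if struct.unpack_from("<H", data, pos + 6)[0] == SETABORTPROC:
                hits.append(pos)
        if func == 0:             # META_EOF ends the record list
            break
        pos += size_words * 2     # record sizes are counted in 16-bit words
    return hits


def _record(func, params=b""):
    return struct.pack("<IH", 3 + len(params) // 2, func) + params


# Constructed samples: header and record framing only, no executable content.
_HEADER = struct.pack("<HHHIHIH", 1, 9, 0x0300, 0, 0, 0, 0)
CLEAN = _HEADER + _record(META_ESCAPE, struct.pack("<HH", 0x000F, 0)) + _record(0)
SUSPECT = _HEADER + _record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 0)) + _record(0)
JPEG_LIKE = b"\xff\xd8\xff\xe0" + b"\x00" * 32

if __name__ == "__main__":
    for name, blob in [("clean.wmf", CLEAN), ("photo.jpg", SUSPECT), ("real.jpg", JPEG_LIKE)]:
        print(name, find_setabortproc(blob))
```

A non-empty result marks a file for closer inspection on a mail gateway or file share; it complements, and does not replace, the patches listed later in the thread.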

Makai
Posted January 1, 2006

Here is the best fix for now. The MS recommended fix doesn't really do anything and actually breaks a couple of functions.

Brandon (Author)
Posted January 7, 2006 (edited)

Updated 1/6/06

Apply patches.

Microsoft Windows 2000 (requires Service Pack 4):
http://www.microsoft.com/downloads/details...A3-00FFE7B2AC74

Microsoft Windows XP (requires Service Pack 1 or 2):
http://www.microsoft.com/downloads/details...9B-215B7BB4D8E9

Microsoft Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details...D4-28ECA6ECE877

Microsoft Windows Server 2003 (with or without Service Pack 1):
http://www.microsoft.com/downloads/details...03-DB5B9077F1F2

Microsoft Windows Server 2003 (Itanium) (with or without SP1):
http://www.microsoft.com/downloads/details...06-A5CA8845CC09

Microsoft Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details...A4-3B71108CFE2D

See vendor's advisory for information about Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME).

Edited January 7, 2006 by Brandon

Brandon (Author)
Posted January 7, 2006

To install correctly then follow the post here by chachazz: http://www.besttechie.net/forums/index.php...indpost&p=55302