Kav 5.0 -and- Nod32 - WMF Vulnerabilty

Recommended Posts

KAV 5.0 Windows products patched for .wmf vulnerability

Patches have been issued for Kaspersky AV Personal 5.0, Kaspersky Personal Security Suite, Kaspersky AV Personal Pro 5.0, Kaspersky AV for Windows Workstations 5.0, Kaspersky AV for Windows File Servers 5.0. This ensures that the product will provide protection against the Microsoft Windows .wmf vulnerability.

The patches mean that Kaspersky Anti-Virus will be able to to scan wmf-files in real-time protection mode. Previously, such files were considered not to be vulnerabile to infection, and were therefore not scanned in real-time protection mode.

The kav_pers_patch.exe patch applies to Kaspersky Anti-Virus Personal from version 5.0.121 and upwards and Kaspersky Personal Security Suite version 1.1.53 and upwards. For KAV Personal it is recommended to install it on version 5.0.388, 5.0.390.

The patch kav_ppro_patch.exe is applicable to Kaspersky Anti-Virus Personal Pro starting from version 5.0.121. It should be installed on versions 5.0.388, 5.0.390.

The patch_all_wks_to_5.0.xxx.exe patch applies to Kaspersky Anti-Virus for Windows Workstations versions 5.0.145 and upwards. It should be installed on version 5.0.225.

The patch_all_fs_to_5.0.xx.exe patch applies to Kaspersky Anti-Virus for Windows File Servers, versions 5.0.33 and higher. It should be installed on version 5.0.72.

The patches replace avlib.ppl, and do not change the product version. You must have Administrator privileges in order to install the patch. Once the product has been installed, you should reboot (a prompt will be displayed).

More Info & Download»

NOD 32 - WMF Patch

by Paolo Monti

Paolo Monti has released a temporary patch for the WMF vulnerability ( see Microsoft Security Bulletin 912840 ). This patch intercepts the Escape GDI32 API in order to filter the SETABORTPROC (function number 9). It uses dynamic API hooks avoiding patching/modifying of the GDI32 code. Advantages of this approach: fully dynamic - no reboot is required.

This patch also works on Windows 9x/ME. Administrator rights are required to install it on WinNT,2000,XP, 2003 systems.

Installation: unzip the file WMFPATCH11.ZIP and run the provided INSTALL.EXE file. Follow the instructions of the installer.

Uninstallation: go into Windows Control Panel, Add/Remove Programs, select "GDI32 - WMF Patch" and remove it.

More Info & Download»

Link to post
Share on other sites
This topic is now closed to further replies.