Re: A Very Dangerous Worm in Windows Metafile Images (WMF)

John Larkin wrote:

[...]

> It took the genius of Bill Gates to design an os that allows worms to
> be resident in viewable images. As I recall, Windows had the same
> problem with true jpeg files once.
>
> "When in doubt, execute it."
>
> John

According to the CERT advisory, a wmf file can have many extensions:

------------------------------------------------------------------

"Please note that Windows Metafile data may be saved with an
extension other than WMF. A file with any extension that is
associated with Windows Picture and Fax Viewer can be used to
exploit this vulnerability. By default, Windows Picture and Fax
Viewer is associated with the following file extensions:"

"BMP DIB GIF EMF JFIF JPE JPEG JPG PNG TIF TIFF WMF"

http://www.kb.cert.org/vuls/id/181038

------------------------------------------------------------------

The IM worm that was released yesterday was "http://[snip]/xmas-2006
FUNNY.jpg".

So we can't tell if an image file is safe by looking at the extension.

Pure chaos.

Mike Monett
.

Relevant Pages

  • Re: EAGER
    ... bothered but I'll try that extension. ... I'm starting to pare it back to a lean, clean install. ... [Worms: The Directors Cut] ... feeling some games give. ...
    (comp.sys.amiga.games)
  • Problem viewing dcx files
    ... Am facing a problem on opening or viewing (dcx files). ... I tried to associate that extension with Windows picture and fax viewer program but it did not work. ...
    (microsoft.public.windowsxp.general)
  • File extension unknown
    ... Extension not visible (have changed the settings ... Won't open with Word, Publisher, ... Paint Shop Pro, PPT, Windows Picture and Fax viewer etc. ...
    (microsoft.public.windowsxp.photos)
Loading