Re: A Very Dangerous Worm in Windows Metafile Images (WMF)

From: John Devereux <jdREMOVE@xxxxxxxxxxxxxxxxxx>
Date: Mon, 02 Jan 2006 13:48:53 +0000

Winfield Hill <Winfield_member@xxxxxxxxxxx> writes:

> John Devereux wrote...
>>
>> Winfield Hill writes:
>>
>>> Frank Bemelman wrote...
>>>>
>>>> Mike Monett wrote...
>>>>
>>>>> This is a very serious problem. Watch the internet melt
>>>>> tomorrow when everyone comes back from XMas vacation.
>>>>
>>>> Hahahahaha.....
>>>
>>> Most of us don't visit malicious web pages.
>>
>> <SNIP>
>>
>> It might only takes an external graphics ad on an otherwise
>> "respectable" site.
>
> Yes. But the keyword is "respectable" - So, I'd say even if
> you install Ilfak Guilfanov's WMF-Exploit patch (on W2000 sr4
> and XP sr2 systems only, SFAIK) - I have done so - be careful
> to only visit *very* safe well-known websites.
>
> Ilfak's patch blocks WMF files from executing any internal code
> they might carry (this was a MS Windows design feature intended
> to implement a "SETABORT escape sequence," but able to do more).
>
> http://www.hexblog.com/2006/01/wmf_vulnerability_checker.html#more
> http://blog.ziffdavis.com/seltzer/archive/2005/12/31/39650.aspx
> http://www.grc.com/sn/notes-020.htm
> http://www.f-secure.com/weblog/
> http://ipadventures.com/
>
> Once Microsoft eventually offers a fix, and it's installed, and
> after a few days (weeks?) multiple ALL CLEARs have been issued,
> Ilfak's patch can be removed (using Add/Remove Programs). Then
> we can begin random web-exploring once more. :-) Sheesh!

I would rather suggest using another browser (I use firefox), at least
for your general use. It has been months since I had to fire up IE,
and then it was just to check if some web site malfunction was browser
related or not.

--

John Devereux
.

Follow-Ups:
- Re: A Very Dangerous Worm in Windows Metafile Images (WMF)
  - From: JeffM
- Re: A Very Dangerous Worm in Windows Metafile Images (WMF)
  - From: Pooh Bear

References:
- A Very Dangerous Worm in Windows Metafile Images (WMF)
  - From: Mike Monett
- Re: A Very Dangerous Worm in Windows Metafile Images (WMF)
  - From: Mike Monett
- Re: A Very Dangerous Worm in Windows Metafile Images (WMF)
  - From: JeffM
- Re: A Very Dangerous Worm in Windows Metafile Images (WMF)
  - From: Mike Monett
- Re: A Very Dangerous Worm in Windows Metafile Images (WMF)
  - From: Frank Bemelman
- Re: A Very Dangerous Worm in Windows Metafile Images (WMF)
  - From: Winfield Hill
- Re: A Very Dangerous Worm in Windows Metafile Images (WMF)
  - From: John Devereux
- Re: A Very Dangerous Worm in Windows Metafile Images (WMF)
  - From: Winfield Hill

Prev by Date: Re: Optoisolator CTR questions
Next by Date: Re: A Very Dangerous Worm in Windows Metafile Images (WMF)
Previous by thread: Re: A Very Dangerous Worm in Windows Metafile Images (WMF)
Next by thread: Re: A Very Dangerous Worm in Windows Metafile Images (WMF)
Index(es):
- Date
- Thread

Relevant Pages

Re: A Very Dangerous Worm in Windows Metafile Images (WMF)
... >>I would rather suggest using another browser, ... >> John Devereux ... > I usually feed the URL into the HTML Validator Service ... Looked ok to me (on firefox 1.5). ...
(sci.electronics.design)
Re: betfair.com like site
... >your expense, and at great expense to them is ridiculous. ... fully research and continually research any particular browser's ... are getting so paranoid about all sorts of malicious web content that ... IE as default browser has ...
(borland.public.delphi.thirdpartytools.general)
Re: A Very Dangerous Worm in Windows Metafile Images (WMF)
... Pooh Bear wrote... ... > John Devereux wrote: ... >> I would rather suggest using another browser (I use firefox), ...
(sci.electronics.design)