Re: A Very Dangerous Worm in Windows Metafile Images (WMF)



On Mon, 02 Jan 2006 16:29:10 GMT, Rich Webb
<bbew.ar@xxxxxxxxxxxxxxxxxx> wrote:

>On 2 Jan 2006 07:24:05 -0800, Winfield Hill
><Winfield_member@xxxxxxxxxxx> wrote:
>
>>Frank Bemelman wrote...
>>>
>>>> I've finally installed Opera ...
>>
>> Doesn't matter, it's picture links that get you, and Opera will
>> show a picture if asked to.
>
>Opera can be set to automatically download application/x-msmetafile
>and .wmf file types. I've set mine to dump any that it comes across
>into c:/null. As nearly as I can tell from testing here with self-made
>wmf files, this works correctly as a quarantine measure.
>
>The display of wmf images by Opera can also be affected by whether the
>user has installed file viewers beyond the vanilla MS handlers. I use
>IrfanView aka IView as a general-purpose viewer and it is the registered
>system wmf viewer. I *do not* know whether IView passes wmf images to a
>lower-level system DLL for decoding, though.
>
>Quarantine seems to be the safest route. The wmf file types are (were)
>very rare either as web images or in e-mail; mostly used to embed
>graphic images in Word and such.


A wmf file can be renamed by the exploiter to .jpg, .gif, .bmp,
anything. Windows, stupid and voracious as it is, can be fed
"file.jpg" but will execute it as a wmf. So just dumping wmf files
isn't good enough. Such a file can merely be *in a folder*, not even
opened, and do its thing.

Install the patch!

Oh, I looked all over the Microsoft security site and can find no
mention of this exploit. How come some freelance blogger can write a
fix in hours, and Microsoft stays silent?

John
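The point made above, that a renamed WMF is still handled as a WMF, means a quarantine has to look at file content rather than the extension. The following is an added example, not part of the original post: it flags files whose leading bytes match a WMF header but whose name does not end in .wmf. The signature values come from the WMF file format; the file names and sample bytes are constructed for the demonstration.

```python
import os
import struct
import tempfile

# Signature values from the WMF file format; everything else here is constructed.
PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"  # placeable header key 0x9AC6CDD7, little-endian
WMF_VERSIONS = (0x0100, 0x0300)

def looks_like_wmf(head: bytes) -> bool:
    """True if the leading bytes match a placeable or a standard WMF header."""
    if head.startswith(PLACEABLE_KEY):
        return True
    if len(head) < 6:
        return False
    # Standard header: Type (1 = memory, 2 = disk), HeaderSize in words (9), Version.
    ftype, header_words, version = struct.unpack_from("<HHH", head)
    return ftype in (1, 2) and header_words == 9 and version in WMF_VERSIONS

def find_disguised_wmf(root: str) -> list:
    """Paths under root whose content is WMF but whose extension is not .wmf."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(6)
            except OSError:
                continue  # unreadable entry: skip it rather than abort the scan
            if looks_like_wmf(head) and not name.lower().endswith(".wmf"):
                hits.append(path)
    return sorted(hits)

def demo() -> list:
    """Scan a constructed folder; returns the base names that were flagged."""
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe0" + bytes(16),            # genuine JPEG start
        "renamed.jpg": b"\x01\x00\x09\x00\x00\x03" + bytes(12),  # standard WMF header
        "logo.gif": PLACEABLE_KEY + bytes(18),                   # placeable WMF header
        "drawing.wmf": b"\x01\x00\x09\x00\x00\x03" + bytes(12),  # honest .wmf, not flagged
        "tiny.bmp": b"\x01\x00",                                 # too short to judge
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [os.path.basename(p) for p in find_disguised_wmf(root)]

if __name__ == "__main__":
    print(demo())
```

The header match is a heuristic on the first six bytes, so a hit is a candidate for quarantine, not proof that the file is hostile.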
