jonnyofthedead
01-02-2006, 07:52 PM
There is a very serious vulnerability in Windows that is starting to be exploited by unscrupulous persons on the internet. It is thought to affect all versions of windows from '98 upwards, and there is as yet no official patch; the vulnerability allows an attacker to remotely execute arbitrary code with system privileges on any machine. The attack comes in the form of a .wmf image, which may be disguised as a .jpg or some other sort of file. Typically, the attack is triggered by a user viewing the image; however, if you have Google Desktop Search on your machine, it will initiate the attack as it indexes the contents of your hard drive. There are a couple of workarounds - one can disable the .dll that was originally fingered as the weak point, but even that is not necessarily sufficient. There is also an unofficial patch available at the site linked below.
The exploit is now being spammed - if your system is unpatched, be extremely wary of any pictures you may be sent over the next few days.
http://isc.sans.org/diary.php?date=2006-01-01
The WMF vulnerability uses images (WMF images) to execute arbitrary code. It will execute just by viewing the image. In most cases, you don't have click anything. Even images stored on your system may cause the exploit to be triggered if it is indexed by some indexing software. Viewing a directory in Explorer with 'Icon size' images will cause the exploit to be triggered as well.
The exploit is now being spammed - if your system is unpatched, be extremely wary of any pictures you may be sent over the next few days.
http://isc.sans.org/diary.php?date=2006-01-01
The WMF vulnerability uses images (WMF images) to execute arbitrary code. It will execute just by viewing the image. In most cases, you don't have click anything. Even images stored on your system may cause the exploit to be triggered if it is indexed by some indexing software. Viewing a directory in Explorer with 'Icon size' images will cause the exploit to be triggered as well.