WMF Flaw Exploit Grows Worse29 December 2005 · Filed in Information
In an update to my previous article on the Windows Metafile flaw, new reports are coming in of greater use of malicious WMF files that take advantage of the flaw, especially by adware companies. Numerous sites are reporting that malicious WMF files are being used in ad rotations on third-party sites. For more information, see one of the following articles:
Analysts Fret as Adware Makers Leverage WMF Flaw
Critical Impact: Windows Metafile Flaw a ‘Zero-Day Exploit’
In addition, there are details on just how easy it is to take advantage of this vulnerability available as well.
The particularly bad part of this whole situation is that users don’t have to do a thing—just visiting a web site with a malicious WMF file can affect your system. And this isn’t an Internet Explorer flaw, either, lest you think that using Firefox will keep you safe. No, this is a Windows flaw, and Internet Explorer, Firefox, Opera, etc., are all affected.
Let’s hope that a good workaround (not unregistering the
shimgvw.dll file, which also disables previewing other image formats in Windows Explorer) emerges soon.