WMF Flaw Exploit Grows Worse
Published on 29 Dec 2005 · Filed in Information · 184 words (estimated 1 minutes to read)In an update to my previous article on the Windows Metafile flaw, new reports are coming in of greater use of malicious WMF files that take advantage of the flaw, especially by adware companies. Numerous sites are reporting that malicious WMF files are being used in ad rotations on third-party sites. For more information, see one of the following articles:
Analysts Fret as Adware Makers Leverage WMF Flaw
http://www.eweek.com/article2/0,1759,1906915,00.asp
Critical Impact: Windows Metafile Flaw a ‘Zero-Day Exploit’
http://www.eweek.com/article2/0,1759,1906177,00.asp
In addition, there are details on just how easy it is to take advantage of this vulnerability available as well.
The particularly bad part of this whole situation is that users don’t have to do a thing—just visiting a web site with a malicious WMF file can affect your system. And this isn’t an Internet Explorer flaw, either, lest you think that using Firefox will keep you safe. No, this is a Windows flaw, and Internet Explorer, Firefox, Opera, etc., are all affected.
Let’s hope that a good workaround (not unregistering the shimgvw.dll file, which also disables previewing other image formats in Windows Explorer) emerges soon.