Scott's Weblog The weblog of an IT pro specializing in virtualization, networking, open source, and cloud computing

WMF Flaw Exploit Grows Worse

In an update to my previous article on the Windows Metafile flaw, new reports are coming in of greater use of malicious WMF files that take advantage of the flaw, especially by adware companies. Numerous sites are reporting that malicious WMF files are being used in ad rotations on third-party sites. For more information, see one of the following articles:

Analysts Fret as Adware Makers Leverage WMF Flaw
http://www.eweek.com/article2/0,1759,1906915,00.asp

Critical Impact: Windows Metafile Flaw a ‘Zero-Day Exploit’
http://www.eweek.com/article2/0,1759,1906177,00.asp

In addition, there are details on just how easy it is to take advantage of this vulnerability available as well.

The particularly bad part of this whole situation is that users don’t have to do a thing—just visiting a web site with a malicious WMF file can affect your system. And this isn’t an Internet Explorer flaw, either, lest you think that using Firefox will keep you safe. No, this is a Windows flaw, and Internet Explorer, Firefox, Opera, etc., are all affected.

Let’s hope that a good workaround (not unregistering the shimgvw.dll file, which also disables previewing other image formats in Windows Explorer) emerges soon.

Be social and share this post!