
WMF virus


dvnityCker


The WMF exploit is made possible because of a design flaw. In other words, according to F-Secure, it's not a bug, it's a feature. And F-Secure says this design mistake may have been around since the days of Windows 3.0. As SANS says, "the Microsoft WMF vulnerability is bad. It is very, very bad." Here are five other facts about the WMF flaw that is leaving all of us Windows users very, very vulnerable.

Fact #1: You do not have to open the image file to be affected. If you browse to a folder it's in, view a website it's on, receive it in email, click a link pointing to an exploited image in IM or email, select it with your mouse or keyboard, or if you use Google Desktop, the exploit will render.

Fact #2: This is not a browser problem. Using Firefox or Opera isn't going to help. This exploit is made possible because of a design flaw in the Windows operating system. The rendering of the exploit happens within Windows (gdi32.dll to be exact, and not from within and not because of the browser). As seen in Fact #1 above, you can also encounter an exploited image file in a variety of ways, not just by web surfing.

Fact #3: The .WMF extension is immaterial. Just because the image has a different extension, doesn't mean it's not a WMF file containing the exploit. The most recent version spotted in email was disguised as HappyNewYear.JPG. This wasn't some double extension ruse either. Windows doesn't care what extension the image file has, it will still recognize that it's a WMF file and the handling for it will be the same - thus the exploit will render.

Fact #4: The exploit is not restricted to Windows Fax and Picture Viewer. The vulnerable DLL is actually GDI32.DLL. The previously implicated SHIMGVW.DLL is guilty, but apparently only because it calls GDI32.DLL. However, you cannot unregister GDI32.DLL - not if you want your system to function, that is. A patch for GDI32.DLL was created by IDA Pro genius Ilfak Guilfanov and it's backed up by SANS. You can read more about Ilfak's patch, and how to download it, here.

Fact #5: The exploit impacts nearly all Windows users. Affected versions include: all versions of Windows XP (SP1 and SP2, Pro and Home, 32-bit and 64-bit), Windows Server 2003 (including SP1, 32-bit and 64-bit, and Itanium-based versions), Microsoft Windows 2000 Service Pack 4, as well as Windows 98 (including SE), and Windows ME. In short, if you use Windows, odds are you are one of the 'hundreds of millions' sitting ducks to this exploit.

In short, WMF is an image file extension, and you can catch the virus very easily; you don't even have to open the whole image, it's enough to follow a link to it. It affects ALL browsers. As far as I understood, it installs itself on the infected computer in the form of a trojan.

The people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same way in any country.
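Fact #3 in the post above says the file extension does not decide how Windows handles the file. The following is an added example, not part of the original post: a content-based check a defender could run over a mail or download folder to find WMF data stored under another extension. The header layout used (optional 22-byte placeable header with key 0x9AC6CDD7, then an 18-byte standard header) comes from the public WMF format; the function names and sample bytes are constructed for illustration.

```python
import struct
from pathlib import Path

PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"  # 0x9AC6CDD7 stored little-endian
PLACEABLE_LEN = 22                   # optional header that precedes the standard one
STANDARD_LEN = 18                    # size of the standard WMF header in bytes


def is_wmf(data: bytes) -> bool:
    """Return True if data begins with a WMF header, placeable or not."""
    if data[:4] == PLACEABLE_KEY:
        data = data[PLACEABLE_LEN:]
    if len(data) < STANDARD_LEN:
        return False
    ftype, header_words, version = struct.unpack_from("<HHH", data, 0)
    # Type 1 = memory, 2 = disk; header size is 9 words; version 1.0 or 3.0
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)


def classify(name: str, data: bytes) -> str:
    """Compare what the name claims with what the leading bytes say."""
    if not is_wmf(data):
        return "not-wmf"
    return "wmf" if Path(name).suffix.lower() == ".wmf" else "disguised-wmf"


def scan(root: str) -> list:
    """List files under root whose content is WMF but whose extension is not."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file():
            with path.open("rb") as fh:
                head = fh.read(PLACEABLE_LEN + STANDARD_LEN)
            if classify(path.name, head) == "disguised-wmf":
                hits.append(path)
    return hits


# Constructed sample inputs (harmless headers only, no drawing records)
SAMPLE_WMF = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0)
SAMPLE_PLACEABLE = PLACEABLE_KEY + bytes(PLACEABLE_LEN - 4) + SAMPLE_WMF
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(16)

if __name__ == "__main__":
    for name, blob in [("HappyNewYear.JPG", SAMPLE_WMF),
                       ("chart.wmf", SAMPLE_PLACEABLE),
                       ("photo.jpg", SAMPLE_JPEG)]:
        print(name, "->", classify(name, blob))
```
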


I heard that it spreads via messenger windows 8, though I don't even use it :)

I am the centre of this universe. The wind of time is blowing through me, and it's all moving relative to me, it's all a figment of my mind in a world that I've designed. I'm charged with cosmic energy. Has the world gone mad or is it me? I am the creator of this universe, and all that it was meant to be, so that we might learn to see. This foolishness that lives in us and stupidity that we must suss! How to banish from our minds, if you call this living I must be blind. Man, I've lost it!
