Microsoft WMF vulnerability notes
Diane, a fantastic web designer and friend of mine asked me what I thought of Matt Cutts (a Google engineer and the most public “face” of Google) blog about a Windows XP exploit in the form of the WMF format vulnerability.
There is enough data in the answer to share it with you as well, so - here is your answer Diane:
__First, please note that his post is dated Dec, 2005 and that the vulnerability was posted by Secunia in Feb, 2004, and that according to Secunia, this Microsoft WMF vulnerability is still unpatched. See the line “Solution Status” here:
http://secunia.com/advisories/10968/
Who is Secunia?
“It is Secunia’s ambition to be the leading vulnerability intelligence provider and distributor in the world - second to none.”
http://corporate.secunia.com/about_secunia/43/history_secunia_management_ceo_cto/
__Secondly, there are multiple WMF-type vulnerabilities (not all are in Microsoft products) as can be seen here:
http://secunia.com/search/?search=wmf&sort_by=date
__Thirdly, you can read about and download the WMF Vulnerability Checker for Windows from Castlecops (a GREAT anti-malware site) here:
http://www.castlecops.com/downloads-file-495-details-WMF_Vulnerability_Checker.html
__Finally, my suggestion is to use another program for viewing graphic files such as IrfanView. When installed, it gives you the choice of defaulting any, or all, graphics files to it as the default viewer. And it’s always been free.
5 Comments for "Microsoft WMF vulnerability notes"
Leave a comment ...
There may be a delay in displaying comments, which are moderated due to spammer abuse. Apologies; I appreciate your participation and your comment will be reviewed as soon as possible. Posters must be 18 or older | Privacy Policy
» DianeV
03/15/07 @ 2:30 am
Hey, I’m supposed to know all these things? (Joking, of course.) Thanks for the data.
» Dan
03/20/07 @ 8:42 pm
Actually, no.
I would never expect any computer user to know this type of information because it doesn’t come under the realm of information a typical user would ever see.
Most computer technicians will never know this data either…
» DianeV
03/21/07 @ 10:44 am
Actually, I remember this from a couple of years ago. Was just wondering what had been done about it. As it turns out, it appears that it’s still not resolved.
» Wmf User
03/26/07 @ 3:53 am
So just by viewing an wmf-file malicious content can be transfered to my pc? Can thisonly happen when I use the Internet Explorer or is it the same for Firefox or Opera?
It’s very strange that this vulnerability is still not fixed.
» Dan
03/30/07 @ 7:22 am
The vulerability is with the way Windows handles WMF files, unfortunately it doesn’t matter what browser you use.
HOWEVER, you can use another program to handle your picture files to bypass this problem. (Such as IrfanView for graphic files in general, or Xara X for WMF files in particular.)
And, yes, it is strange that this hasn’t been handled.