Serious vulnerability in rendering of Windows Metafile (.wmf) images
Microsoft has released a
security advisory warning of a vulnerability in a Windows graphics rendering engine that could
allow for remote code execution by an attacker on an affected system. Over the past few days a number of Trojans and other malware
have appeared that take advantage of this vulnerability via doctored image files sent as attachments to e-mails or embedded in
webpages.
The vulnerability lies in the way Windows handles the Windows Metafile (.wmf) image file format.
Since the vulnerability was first discovered, a numerous websites and mass-delivered e-mail messages have taken
advantage of this vulnerability to install spyware and as well
as viruses and other malware on vulnerable machines. Among other things, affected computers are used to send out thousands of
spam e-mails without the knowledge or consent of their owners.
Although the behaviour creating
this vulnerability is currently causing serious problems, it was originally a important feature of the Windows operating system and
appears to have been part of Windows since version 3.0 was first released 15 years ago. This vulnerability therefore
affects a very large number of computer users.
F-Prot Antivirus currently detects all know exploits of this vulnerability and tags them as "Security risk". We are also working
on pre-emptive protection against any and all future threats attempting to take advantage of this vulnerability.
Microsoft has not yet released a patch against this vulnerability but has described a workaround for
the problem for users of Windows XP: These users can avoid exploit attacks by
unregistering the Windows Picture and Fax Viewer.
For more information please see:
|
