It is not only *.wmf extensions; it is all files that have Windows metafile
headers that will open with the Windows Picture and Fax Viewer. Any file that
has the header of a Windows metafile can trigger this exploit.

--- "Hayes, Bill" <Bill.Hayes@xxxxxxx> wrote:

> CERT now has posted Vulnerability Note VU#181038, "Microsoft Windows may
> be vulnerable to buffer overflow via specially crafted WMF file"
> (http://www.kb.cert.org/vuls/id/181038). The note provides additional
> details about the exploit and its effects. Very few workarounds have
> been proposed other than blocking at the perimeter and possibly
> remapping the .wmf extension to some application other than the
> vulnerable Windows Picture and Fax Viewer (SHIMGVU.DLL).
>
> Bill...
>
> -----Original Message-----
> From: davidribyrne@xxxxxxxxx [mailto:davidribyrne@xxxxxxxxx]
> Sent: Wednesday, December 28, 2005 4:18 PM
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: WMF Exploit
>
> Another quick observation, again, I apologize if this information has
> already been posted; I haven't been able to read all the posts today.
> The thumbnail view in Windows Explorer will parse the graphics files in
> a folder, even if the file is never explicitly opened. This is enough to
> trigger the exploit. Even more frightening is that you don't have to use
> the thumbnail view for a thumbnail to be generated. Under some
> circumstances, just single-clicking on the file will cause it to be
> parsed.
>
> David Byrne
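
Added example, not part of the original thread: since the messages above say the viewer acts on the metafile header rather than the extension, a perimeter or mail filter has to classify by content, as this sketch does. The function names are hypothetical; the header values assumed are those of the WMF format (type 1 or 2, header size of 9 words, version 0x0100 or 0x0300, optional placeable key 0x9AC6CDD7), and the sample inputs are constructed.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7  # magic of the optional 22-byte placeable preamble
META_HEADER_LEN = 18        # standard WMF header is 9 little-endian 16-bit words


def has_meta_header(buf: bytes) -> bool:
    """True if buf begins with a plausible standard WMF header."""
    if len(buf) < META_HEADER_LEN:
        return False
    ftype, header_words, version = struct.unpack_from("<HHH", buf, 0)
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)


def looks_like_wmf(data: bytes) -> bool:
    """Classify by leading bytes only; the file name is never consulted."""
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        return True  # conservative: the placeable magic alone is enough to flag
    return has_meta_header(data)


def disguised_wmf(files: dict) -> list:
    """Names whose content is WMF although the extension is not .wmf."""
    return sorted(name for name, data in files.items()
                  if looks_like_wmf(data) and not name.lower().endswith(".wmf"))


# Constructed sample inputs (not taken from any real file or exploit):
# an empty metafile = 18-byte header followed by the 3-word end-of-file record.
EMPTY_WMF = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0) + struct.pack("<IH", 3, 0)
SAMPLES = {
    "chart.wmf": struct.pack("<I", PLACEABLE_KEY) + bytes(18) + EMPTY_WMF,
    "holiday.jpg": EMPTY_WMF,                           # WMF content, .jpg name
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(16),  # JPEG magic
    "notes.txt": b"plain text, nothing to see here\n",
}

if __name__ == "__main__":
    for name in disguised_wmf(SAMPLES):
        print("content is WMF but extension is not:", name)
```

An extension-only block list would pass holiday.jpg here, which is the gap the first message in the thread points out.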