'Really Bad' Exploit Threatens Windows

Osiris · 12-28-2005, 08:12 PM

A new exploit has been discovered in the wild that affects fully patched Windows XP SP2 systems, according to reports by security firms F-Secure and Sunbelt. The malicious code takes advantage of a vulnerability in the WMF graphics rendering engine to automatically download and install malware.

WMF, or Windows Metafile, is a vector based image format used by Microsoft's operating systems. SHIMGVW.DLL is loaded to render the images and contains a flaw that opens the door for a malformed WMF image to cause remote code execution and potentially allow for a full system compromise.

Microsoft previously fixed a vulnerability affecting WMF and EMF files in November. That problem affected Windows 2000, XP and Windows Server 2003.

"We have a number of sites that we have found with this exploit. Different sites download different spyware. We only had a handful of websites using this new exploit but now we are seeing many more using this to install bad stuff. These image files can be modified very easily to download any malware or virus," said Alex Eckelberry, CEO of Sunbelt Software.

12-28-2005, 08:12 PM	#1 (permalink)
Osiris Security/Hacking Mod Join Date: Jan 2005 Location: USA Posts: 25,416	'Really Bad' Exploit Threatens Windows A new exploit has been discovered in the wild that affects fully patched Windows XP SP2 systems, according to reports by security firms F-Secure and Sunbelt. The malicious code takes advantage of a vulnerability in the WMF graphics rendering engine to automatically download and install malware. WMF, or Windows Metafile, is a vector based image format used by Microsoft's operating systems. SHIMGVW.DLL is loaded to render the images and contains a flaw that opens the door for a malformed WMF image to cause remote code execution and potentially allow for a full system compromise. Microsoft previously fixed a vulnerability affecting WMF and EMF files in November. That problem affected Windows 2000, XP and Windows Server 2003. "We have a number of sites that we have found with this exploit. Different sites download different spyware. We only had a handful of websites using this new exploit but now we are seeing many more using this to install bad stuff. These image files can be modified very easily to download any malware or virus," said Alex Eckelberry, CEO of Sunbelt Software. __________________ www.MasterB365.com www.Tech-Dump.com "On 10-3-08 Obama Supporters Vandalized-Tresspassed and STOLE My Palin-McCain Sign Violating My First Amendment Right To Free Speech. Do It Again And You Will Find Out What The 2nd Amendment Is All ABOUT!"

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode