Ben Cantrick (mackys) wrote,

[MeFi] Windoze WMF vulnerability patch.

Microsoft Windows Metafile (WMF) format images are graphical files that can contain both vector and bitmap-based picture information. WMF files contain a sequence of GDI function calls. The image is created by executing the GDI functions. Certain GDI functions can have unexpected security implications. The GDI Escape function allows an application to access capabilities of a device that are not directly available through GDI. For example, a print job can be cancelled via a GDI Escape call.

A remote, unauthenticated attacker may be able to execute arbitrary code if the user is persuaded to view a specially crafted Windows Metafile.

Yup, you read that right: VIEW AN IMAGE, GET P0WNED! Thanks a lot for designing the GDI so that images can execute code, MS. Great idea there. Almost as good as letting an email execute arbitrary javascript when I click on it.

Patch this now. There is already one verified worm in the wild that takes advantage of this, and more are undoubtedly on the way. This is literally a "view a web page with a bad image on it, and your computer is owned" exploit, so your firewall and such do not protect you one whit. Do not wait; patch it. Until MS bestirs itself to fix the problem, use Ilfak Guilfanov's patch. (Note: Bastard spammers are now apparently churning out many fake "patches" for this problem that do not fix it, but instead just install spyware and popup loaders on your system. So either install Guilfanov's patch, or do not install any patch at all.)

Edit: A tool to check if your system is vulnerable here. Thanks to cassandrapoe.

Edit 2: Also check out spiderfarmer's post on the subject, which includes a link to an excellent Wikipedia page on the vulnerability.
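
The "sequence of GDI function calls" layout described above, as an added example that is not part of the original post: a small Python walker that lists every GDI Escape record in a WMF file without rendering it, so a file can be triaged before any viewer touches it. The record-type and escape numbers are taken from Microsoft's published MS-WMF specification; the function names and the sample bytes are constructed for illustration.

```python
import struct

PLACEABLE_MAGIC = 0x9AC6CDD7  # optional 22-byte placeable header before the real one
META_EOF = 0x0000             # terminating record
META_ESCAPE = 0x0626          # record type that wraps a GDI Escape call
ESCAPE_NAMES = {0x0001: "NEWFRAME", 0x0002: "ABORTDOC", 0x0009: "SETABORTPROC"}


def find_escape_records(data):
    """Return (offset, escape_fn, name, byte_count) for each Escape record."""
    pos = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC:
        pos = 22
    if len(data) < pos + 18:
        raise ValueError("truncated WMF header")
    file_type, header_words = struct.unpack_from("<HH", data, pos)
    if file_type not in (1, 2) or header_words != 9:
        raise ValueError("not a WMF header")
    pos += 18
    hits = []
    while pos + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, pos)
        size = size_words * 2  # RecordSize is counted in 16-bit words
        if size_words < 3 or pos + size > len(data):
            raise ValueError("malformed record at offset %d" % pos)
        if func == META_EOF:
            break
        if func == META_ESCAPE and size >= 10:
            esc_fn, count = struct.unpack_from("<HH", data, pos + 6)
            hits.append((pos, esc_fn, ESCAPE_NAMES.get(esc_fn, "unknown"), count))
        pos += size
    return hits


def _record(func, params=b""):
    # Helper for the constructed sample: 6-byte record header plus parameters.
    return struct.pack("<IH", (6 + len(params)) // 2, func) + params


def build_sample():
    """Constructed sample: header, one drawing record, one Escape record, EOF."""
    records = (_record(0x0201, struct.pack("<I", 0))                  # META_SETBKCOLOR
               + _record(META_ESCAPE, struct.pack("<HH", 0x0002, 0))  # ABORTDOC, no data
               + _record(META_EOF))
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, (18 + len(records)) // 2, 0, 5, 0)
    return header + records


if __name__ == "__main__":
    print(find_escape_records(build_sample()))
```

An ordinary picture has no reason to carry Escape records at all, so any hit is worth a closer look before the file is opened in a viewer.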