If the extension says the file is executable (eg.
WMF VIEWER WINDOWS
And now Windows since Win95 responds to a double-click on a file name by running that file:ġ. Programs, including DOS and Windows, often use the file extension to figure out what kind of file it is. The following is what I wrote to someone a few years ago:Įver since before DOS, a file name would usually end with a file extension, a period followed by up to three letters. Of course, as with any recommendation that you change a system setting, verify this with a Windows guru you trust. It's kind of a pet peeve of mine, but I do believe that it dangerously hides information from you about the email attachments you receive and that Microsoft is negligently helping the hackers. On a related matter, in order to help protect yourself from infected email attachments, I recommend you change a default Windows system setting. It doesn't matter if you did it last weekend that was too soon.
WMF VIEWER PATCH
Until the patch is available from Microsoft, be careful about surfing Web sites that you haven't visited before.ĥ. (This is always good advice anyway.) If you right-click on an email and select "Options" from the pop-up menu, you can look at the email headers and the types of the attachments without actually opening it, to see if it looks suspicious.Ĥ. Don't open or save any attachments in any email that you aren't expecting. Don't use the "thumbnails" or "tiles" views in Explorer. (Actually, this should always be the case anyway, since previews are a huge security hole in Outlook.)Ģ. If you use Outlook for e-mail, make sure you have all previews turned off. Until then, the best thing I can recommend is:ġ. There is an unofficial patch available throught the Internet Storm Center at, but having looked it, it's rather involved and I'm not sure I would recommend it to users who aren't savvy on the internals of Windows. However, the potential for malice between now and then is, in my opinion, huge. Microsoft says that they will release a patch on January 10. It can also be triggered when Explorer indexes a folder or generates a preview image in a folder listing. Also, WMF images can be embedded in, say, MS Word files, and viewing the file triggers the exploit. For example, just viewing a Web page that contains a hacked WMF file is enough to trigger the exploit. The problem is, WMF files can be embedded in a lot of places. The bad news is, as I understand the situation, the vulnerability is not in the Picture and Fax Viewer itself but in a user DLL that is probably used by nearly all picture-viewing apps written for Windows. By default, Windows Picture and Fax Viewer is associated with the following file extensions:īMP DIB GIF EMF JFIF JPE JPEG JPG PNG TIF TIFF WMF A file with any extension that is associated with Windows Picture and Fax Viewer can be used to exploit this vulnerability. Please note that Windows Metafile data may be saved with an extension other than WMF.
WMF VIEWER CODE
The public exploits currently use the Windows Picture and Fax Viewer (SHIMGVW.DLL) as an attack vector affecting users of any Windows-based application that can handle Windows Metafiles.Ī remote, unauthenticated attacker may be able to execute arbitrary code if the user is persuaded to view a specially crafted Windows Metafile.ĭisabling or remapping Windows Metafile files to open a program other than the default Windows Picture and Fax Viewer may prevent exploitation via some attack vectors. wmv files are not involved.įurther info from a link in the page Lucretia posted.
Unfortunately the bad guys will change extensions in order to get us to click on their links and such. wmf Windows Meta Files are associated to images, pictures, icons as a way to construct the image on screen (rendering).
0 kommentar(er)
