![]() ![]() The vulnerability Īccording to assessments by F-Secure, the vulnerability is an inherent defect in the design of WMF files, because the underlying architecture of such files is from a previous era, and includes features which allow actual code to be executed whenever a WMF file opens. Gibson wrote the program MouseTrap, which his company distributes as freeware, to detect Windows Metafile vulnerability in systems running Windows and Windows emulators. A Unix-like system that uses Wine to emulate Windows, for example, could be exploited. ![]() Windows wmf viewer software#This could include software that incorporates or clones Windows' native Graphics Device Interface (GDI) Dynamic-link library (DLL) or that run Windows or Windows programs through an emulator or compatibility layer. However, a non-Windows system could become vulnerable if it runs software to view Windows WMF files. Operating systems other than Windows (e.g., macOS, Unix, Linux, etc.) are not directly affected. Windows operating systems that do not have image preview enabled or that have hardware-based Data Execution Prevention (DEP) active for all applications should not be susceptible to this exploit. Īccording to computer security expert Steve Gibson, Windows NT 4 is vulnerable to known exploits if image preview is enabled. Later versions of Windows do not have this vulnerability. However, Windows NT 4.0 and Windows XP, unless patched, are more vulnerable than earlier versions because their default installation enables Windows Metafile code execution, the source of the vulnerability. All versions from Windows 3.0 to Windows Server 2003 R2 contain this security flaw. ![]() Exploits taking advantage of the vulnerability on Windows NT-based systems facilitated the propagation of various types of malware, typically through drive-by downloads.ĭue to extreme impact, this bug won the 2007 Pwnie Award for "Mass 0wnage" and "Breaking the Internet".Īll versions of the Microsoft Windows operating system support the Windows Metafile graphics standard. However, attack vectors only exist in NT-based versions of Windows (Windows NT, Windows 2000, Windows XP and Windows Server 2003). The vulnerability was located in gdi32.dll and existed in all versions of Microsoft Windows from Windows 3.0 to Windows Server 2003 R2. Attacks using this vulnerability are known as WMF exploits. Windows wmf viewer update#Microsoft released a high-priority update to eliminate this vulnerability via Windows Update on January 5, 2006. It was discovered on December 27, 2005, and the first reports of affected computers were announced within 24 hours. It permits arbitrary code to be executed on affected computers without the permission of their users. The Windows Metafile vulnerability-also called the Metafile Image Code Execution and abbreviated MICE-is a security vulnerability in the way some versions of the Microsoft Windows operating system handled images in the Windows Metafile format. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |