Vulnerability test file for the WMF exploit

- W
- Winfield Hill
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Mon, Jan 2, 2006 11:45 AM

People may feel safer getting executable files from the horse's mouth.

formatting link

--
 Thanks,
    - Win

- P
- Pooh Bear
  
  Contact options for registered users
posted
18 years ago

Mon, Jan 2, 2006 7:16 PM

I've posted a 'checker' program for the WMF exploit over in a.b.s.e

Be aware that its reults aren't conclusive but it may prove helpful.

Graham

- W
- Winfield Hill
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Tue, Jan 3, 2006 9:30 AM

These both give you the same patch, written by Ilfak Guilfanov. Your link has an excellent updated discussion, from which we learn that trusted websites have already been compromised to secretly deliver the WMF exploit file. It would seem the criminal element is aggressively right on top of this opportunity. Their goal will be to add to their pile of computers under their control, i.e., computers they can send commands to, which will then send files, etc., that can't be traced to the criminal. I think most intend to do this in a behind-the-scenes way you won't notice (unless your computer is running an outgoing-packet firewall program).

--
 Thanks,
    - Win

- R
- Robert
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Tue, Jan 3, 2006 12:14 PM

There's an unofficial patch for the exploit that's been vetted by SANS. As well as instructions on unregistering the affected DLL.

formatting link