You are either not logged in or not registered with our community. Click here to register.
 
December 08, 2016, 03:48:13 AM

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length

Click here if you are having problems.
Default Wide Screen Beige Lilac Rainbow Black & Blue October Send us your theme!

Hark!  The Herald!
Holiday Issue 2016

Wiki Blogs Dicebot

Author Topic: Please read (new vulnerability in Windows found, go figure)  (Read 1051 times)

0 Members and 1 Guest are viewing this topic.

Offline VekseidTopic starter

Please read (new vulnerability in Windows found, go figure)
« on: December 30, 2005, 08:25:40 AM »
Those of you running Windows XP, or any related operating system, ought to take heed.  A new vulnerability has been found in Windows and it's already spreading spyware and worse like mad.

Essentially it exploits a vulnerability in the .wmf file parsing in Windows.  Internet Explorer and Outlook automatically execute commands in these 'picture' files - but they are a lot more than that.  Merely visiting a page in internet explorer, seeing an e-mail in Outlook or actively viewing images through Thunderbird, or actively downloading and playing them in Firefox or Opera can trigger the vulnerability.

A current fix is to disable the rendering of wmf files, via the following instructions:

1. Click on the Start button on the taskbar.
2. Click on Run...
3. Type "regsvr32 /u shimgvw.dll" to disable.
4. Click ok when the change dialog appears.

This may cause some other troubles with some thumbnail-viewing applications, since it is a disabled feature.

Once Microsoft releases a patch, you can re-enable it by replacing step 3 above with:
regsvr32 /u shimgvw.dll

Instead.

Offline Zakharra

Re: Please read (new vulnerability in Windows found, go figure)
« Reply #1 on: December 31, 2005, 12:34:32 AM »
  ???

Offline Lilac

Re: Please read (new vulnerability in Windows found, go figure)
« Reply #2 on: December 31, 2005, 06:32:54 AM »
He's referring to this:

http://isc.sans.org//diary.php?storyid=972

It is a serious issue, especially with the kinds of sites that many people here no doubt visit.