The Antivirus Guy Blog

Keeping people up to date with antivirus and security information

F-Secure : News from the Lab – Which platforms can really get hit by WMF?

I was wondering about this. The original advisory does only mention XP and Server 2003 being the most vulnerable.  However the phrase, “no Windows versions, in their default configuration, have a default association for WMF files”.  This is a little bit of a loaded statement, and as F-Secure states below using third party image viewers adds in another variable.

F-Secure : News from the Lab – January of 2006.

Which platforms can really get hit by WMF? Posted by Mikko @ 07:29 GMT

Windows 3.11Larry Seltzer from eWeek has been doing lots of additional testing against older versions of Windows and bad .WMF files.

He has just blogged his interesting findings:

…in a practical sense, only Windows XP and Windows Server 2003 (in all their service pack levels) are vulnerable to the WMF flaw.
…all versions of Windows back to 3.0 have the vulnerability in GDI32. Except for Windows XP and Windows Server 2003, no Windows versions, in their default configuration, have a default association for WMF files, and none of their Paint programs or any other standard programs installed with them can read WMF files…

So the vulnerability is there on all platforms but it seems that only Windows XP and 2003 are easily exploitable. Unfortunately this still means that majority of Windows computers out there are vulnerable right now. And at least Windows 2000 becomes vulnerable if you’re using many of the available third party image handling programs to open image files.

It’s still a bit unclear what happens on older platforms when malicious WMF files are renamed to something else than .WMF.

Advertisements

January 3, 2006 - Posted by | Antivirus News, Security News

No comments yet.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: