The Antivirus Guy Blog

Keeping people up to date with antivirus and security information

SANS – Internet Storm Center – Checking for .wmf Vulnerabilities

SANS – Internet Storm Center – Cooperative Cyber Threat Monitor And Alert System.

Handler’s Diary January 2nd 2006

Checking for .wmf Vulnerabilities

Published: 2006-01-02,
Last Updated: 2006-01-03 02:44:21 UTC by Marcus Sachs (Version: 1)
As far as we know there are no tools available yet for remote scanning and detection of systems vulnerable to the .wmf issue.  Ilfak Guilfanov has a testing tool available on his website, and he cautions users that it only checks for one version of the exploit so it might not detect new variations.

If you want to experiment with another file submitted to us by Kevin Gennuso (thanks, Kevin) you can download it here.  The file will open calc.exe and kill explorer.exe on vulnerable systems but otherwise causes no damage as far as we can tell.  As always, test this file before using it on a production or enterprise computer.  This file is useful for seeing if Ilfak’s patch worked for your system.

Reik Bohne sent us a link to a test on heise.de.  It’s in German but essentially what it does is provides you with a way to check your browser and your email client to see if you are vulnerable.  Like the file above, it starts calc.exe on an unpatched system.

Advertisements

January 4, 2006 - Posted by | Security News

No comments yet.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: