Email: Password: Remember Me | Create Account (Free)

Back to Subject List

Old thread has been locked -- no new posts accepted in this thread
Joseph Hebert
01/10/06 16:06
Read: 773 times
Okemah, Ok
United States

#107007 - Windows Meta File Vulnerability
Hi Everybody,

I don't know how many of you were aware of the WMF (Windows Meta File) vulnerability that some hackers had recently discovered, but it made the news in some outlets over the last few weeks. It seemed that there was a way that hackers could execute code on a remote system just by displaying a graphic image that had been encoded to exploit the vulnerability. It affected all versions of Windows going back to the early nineties, and unlike previous vulnerabilities it did not require that you click on a link or open an infected email. All you had to do was go to a website with a maliciously encoded graphic, or even see one in the preview pane of your email software (Outlook Express), and you were hit. And to make matters worse, hackers were writing and sharing the code to do this while Microsoft was still trying to figure out how to fix it.

Well the good news is that Microsoft has come up with the fix and it is included in this month's (January's) update. If you haven't done so already, you might want to go now and get the update (assuming you use Windows). It's at the following URL;

List of 11 messages in thread
Windows Meta File Vulnerability      Joseph Hebert      01/10/06 16:06      
   tried to go there      Farshid Jafari Harandi      01/10/06 16:53      
      It probably hits all email programs      Oliver Sedlacek      01/11/06 10:00      
         Windows only      Steve M. Taylor      01/11/06 13:33      
            Ouch      Craig Steiner      01/11/06 14:15      
               Apparently      Steve M. Taylor      01/11/06 14:16      
                  Such As?      Ian Bell      01/11/06 14:21      
                     One Example      Joseph Hebert      01/11/06 14:53      
                     Not my kink      Steve M. Taylor      01/11/06 15:26      
                        SwitcherCAD      Ian Bell      01/12/06 03:31      
            IE under WINE      Ian Bell      01/11/06 14:15      

Back to Subject List