TELECOM Digest OnLine - Sorted: Another Critical Flaw Detected in Windows Metafile

Another Critical Flaw Detected in Windows Metafile

Jay Wrolstad
Sat, 31 Dec 2005 11:19:44 -0600

Jay Wrolstad,

A vulnerability has been discovered in Microsoft Windows that allows
hackers to remotely access PCs and install malware through an
image-handling technology in the operating system.

Microsoft acknowledged the release of exploit code that could allow an
attacker to execute arbitrary code when someone visits a Web site that
contains a specially crafted Windows Metafile (WMF) image. Security
authority Secunia labeled the vulnerability "extremely critical."

Malicious Graphics Files

WMF images are graphical files that can contain both vector and
bitmap-based picture information. Microsoft Windows contains routines
for displaying such files, but a lack of input validation in one of
these routines may allow a buffer overflow to occur, which in turn may
allow remote code execution.

The vulnerability can also be triggered from the Internet Explorer
browser if the malicious file has been saved to a folder and renamed
to other image file extensions such as ".jpg," ".gif," ".tif," and
".png." It has been detected on a patched system running Microsoft
Windows XP SP2. Microsoft Windows XP SP1 and Microsoft Windows Server
2003 systems also are affected.
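Because the extension says nothing about the content, a defender can flag WMF data hiding behind the image extensions listed above by checking file headers instead of names. The following is an added example, not part of the original article; the function names and sample files are hypothetical and constructed, and the check identifies WMF content only, not whether a given file is malicious.

```python
import struct
import tempfile
from pathlib import Path

PLACEABLE_KEY = 0x9AC6CDD7          # magic of the optional 22-byte placeable header
IMAGE_EXTS = {".jpg", ".jpeg", ".gif", ".tif", ".tiff", ".png"}

def is_wmf(data: bytes) -> bool:
    """True if data begins with a plausible WMF header, ignoring any file name."""
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        data = data[22:]            # skip placeable header; META_HEADER follows
    if len(data) < 18:
        return False
    ftype, hdr_words, version = struct.unpack_from("<HHH", data)
    members = struct.unpack_from("<H", data, 16)[0]   # NumberOfMembers, always 0
    return (ftype in (1, 2) and hdr_words == 9
            and version in (0x0100, 0x0300) and members == 0)

def find_disguised_wmf(root: Path) -> list[Path]:
    """Files under root with one of the article's image extensions but WMF content."""
    hits = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in IMAGE_EXTS:
            with path.open("rb") as fh:
                if is_wmf(fh.read(40)):
                    hits.append(path)
    return hits

def demo() -> list[str]:
    """Build constructed sample files in a temp dir and return the flagged names."""
    meta = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9, 0, 0, 0)    # bare META_HEADER
    # Placeable header; the checksum field is left at 0 (not validated here).
    placeable = struct.pack("<IHhhhhHIH", PLACEABLE_KEY, 0,
                            0, 0, 100, 100, 1440, 0, 0) + meta
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32                   # genuine PNG signature
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "holiday.jpg").write_bytes(placeable)   # WMF renamed to .jpg
        (root / "card.png").write_bytes(meta)           # WMF renamed to .png
        (root / "logo.png").write_bytes(png)            # real PNG, not flagged
        (root / "chart.wmf").write_bytes(meta)          # honest .wmf, out of scope
        return [p.name for p in find_disguised_wmf(root)]

if __name__ == "__main__":
    print(demo())
```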

Current exploits use the Windows Picture and Fax Viewer to attack any
application that can handle Windows Metafiles. Disabling the Windows
Picture and Fax Viewer will not eliminate the risk as the flaw exists
in the Windows Graphical Device Interface library.

The flaw has also raised concerns that Google Desktop may be another
potential attack vector, and that various antivirus software products
cannot detect all known exploits for this vulnerability.

A Familiar Problem

By default, Explorer on those operating systems runs in a restricted
mode known as Enhanced Security Configuration, which Microsoft said
mitigates this vulnerability as far as e-mail is concerned, although
clicking on a link in a message would still put users at risk.

Yankee Group senior analyst Andrew Jaquith characterized the
vulnerability as a serious security issue that has cropped up before
in browsers, including Firefox and Safari. "It's particularly nasty
because the browser automatically loads images when users visit a Web
site. There is no built-in protection," he said.

Jaquith predicted additional exploits of the vulnerability, since
there is no patch available and the security hole is difficult to
plug.

People who use Windows are advised to be wary when opening e-mail and
links in e-mail from sources they don't trust. They should not save,
open or preview image files from unfamiliar sources. And, as always,
people are encouraged to update the patches for their operating
systems. In general, just toss out unread email you were not expecting
or do not know the origin of.

Microsoft vowed to investigate the vulnerability and to provide a
security update when it becomes available. Customers who believe they
may have been affected may contact the company's Product Support

Copyright 2005 NewsFactor Network, Inc.

[TELECOM Digest Editor's Note: So, start the new year right with a
nasty thing in your computer. If we cannot _even read_ email from
people we do not know (or in many cases, ignorant people we _do_ know
who like to 'pass this along to all your friends'), and there are a
lot of web sites we cannot really trust, then tell me again, what is
the purpose of computers? PAT]
