This article documents a current event. Information may change rapidly as the event progresses.
The 2005 WMF vulnerability was a flaw in the Windows operating system that was first disclosed on Bugtraq on 28 December 2005 and was subsequently used in a variety of exploits. The flaw, located in gdi32.dll, was based on the way Windows handles Windows Metafile vector images, and allowed a well-crafted file to execute arbitrary code without the user's permission. The flaw is known to affect Microsoft Windows versions from Windows 98 to Windows 2003 Server SP1, and probably affects versions as old as Windows 3.0.
According to Secunia, "The vulnerability is caused due to an error in the handling of Windows Metafile files (".wmf") containing specially crafted SETABORTPROC "Escape" records. Such records allow arbitrary user-defined function to be executed when the rendering of a WMF file fails."
Exploits using this vulnerability may be triggered by viewing a malicious website in Internet Explorer, in which case the file may be automatically downloaded and opened; by viewing such a website in any other browser and agreeing to open and download the file at the prompt; by previewing an infected file in Windows Explorer; by previewing infected emails in older versions of Outlook; and even by indexing a hard disk containing an infected file with Google Desktop.
According to McAfee, by 31 December more than 6% of their customer base had been infected by the first generation of such exploits.
Solution
As of 1 January 2006, no official patch exists. Microsoft published advice on 28 December to deregister shimgvw.dll, a dynamic link library that invokes previewing of image files and is used by the majority of attacks. An unofficial patch by Ilfak Guilfanov exists which removes the flawed functionality in gdi32.
External links
- Windows Security Flaw Is 'Severe' - Washington Post
- Microsoft Windows WMF "SETABORTPROC" Arbitrary Code Execution - Secunia advisory
- Microsoft Security Advisory (912840)
- Summary of status as of 1 January
- New exploit released for the WMF vulnerability - Internet Storm Center
- Be careful with WMF files - F-Secure
- Unofficial Patch
- WMF FAQ - SANS Institute