Another Critical Flaw Detected in Windows Metafile

Jay Wrolstad,

A vulnerability has been discovered in Microsoft Windows that allows hackers to remotely access PCs and install malware through an image-handling technology in the operating system.

Microsoft acknowledged the release of exploit code that could allow an attacker to execute arbitrary code when someone visits a Web site that contains a specially crafted Windows Metafile (WMF) image. Security authority Secunia labeled the vulnerability "extremely critical."

Malicious Graphics Files

WMF images are graphical files that can contain both vector and bitmap-based picture information. Microsoft Windows contains routines for displaying such files, but a lack of input validation in one of these routines may allow a buffer overflow to occur, which in turn may allow remote code execution.

The vulnerability can also be triggered from the Internet Explorer browser if the malicious file has been saved to a folder and renamed to other image file extensions such as ".jpg," ".gif," ".tif," and ".png." It has been detected on a patched system running Microsoft Windows XP SP2. Microsoft Windows XP SP1 and Microsoft Windows Server 2003 systems also are affected.
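Because a renamed file still triggers the flaw, a defensive check has to look at file contents rather than the extension. The Python sketch below is an added example, not part of the original article: it flags files whose leading bytes form a WMF header while the name claims another type. The function names and sample files are constructed for illustration, and the header layout is taken from Microsoft's published WMF format.

```python
import struct
import tempfile
from pathlib import Path

PLACEABLE_KEY = 0x9AC6CDD7  # magic of the optional 22-byte placeable header

def looks_like_wmf(data: bytes) -> bool:
    """True if data begins with a Windows Metafile header, whatever the file name says."""
    offset = 0
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        offset = 22  # the standard header follows the placeable one
    if len(data) < offset + 18:
        return False
    # Standard header: type (1 = memory, 2 = disk), header size in 16-bit words, version
    ftype, header_words, version = struct.unpack_from("<HHH", data, offset)
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def disguised_wmf(root) -> list:
    """Names of files under root that contain WMF data but do not end in .wmf."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() != ".wmf":
            with path.open("rb") as fh:
                if looks_like_wmf(fh.read(40)):  # 22 + 18 bytes is all we need
                    hits.append(path.name)
    return hits

def build_samples(root) -> None:
    """Write constructed sample files (harmless headers only) for the demo."""
    # 18-byte standard header followed by a single end-of-file record
    std = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0) + struct.pack("<IH", 3, 0)
    # Placeable header: key, handle, bounding box, units per inch, reserved, checksum
    # (checksum left at 0; this scanner does not validate it)
    placeable = struct.pack("<IH4hHIH", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0, 0)
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 29
    samples = {"drawing.wmf": std, "photo.jpg": std,
               "chart.png": placeable + std, "holiday.jpg": jpeg}
    for name, content in samples.items():
        (Path(root) / name).write_bytes(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(tmp)
        for name in disguised_wmf(tmp):
            print("WMF content behind non-WMF extension:", name)
```

A hit means only that the content type and the extension disagree; it says nothing about whether the metafile is malicious, so treat it as a triage signal for quarantine or closer inspection.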

Current exploits use the Windows Picture and Fax Viewer to attack any application that can handle Windows Metafiles. Disabling the Windows Picture and Fax Viewer will not eliminate the risk as the flaw exists in the Windows Graphical Device Interface library.

The flaw has also raised concerns that Google Desktop may be another potential attack vector, and that various antivirus software products cannot detect all known exploits for this vulnerability.

A Familiar Problem

By default, Explorer on those operating systems runs in a restricted mode known as Enhanced Security Configuration, which Microsoft said mitigates this vulnerability as far as e-mail is concerned, although clicking on a link in a message would still put users at risk.

Yankee Group senior analyst Andrew Jaquith characterized the vulnerability as a serious security issue that has cropped up before in browsers, including Firefox and Safari. "It's particularly nasty because the browser automatically loads images when users visit a Web site. There is no built-in protection," he said.

Jaquith predicted additional exploits of the vulnerability, since there is no patch available and the security hole is difficult to plug.

People who use Windows are advised to be wary when opening e-mail and links in e-mail from sources they don't trust. They should not save, open or preview image files from unfamiliar sources. And, as always, people are encouraged to keep the patches for their operating systems up to date. In general, just toss out unread e-mail you were not expecting or do not know the origin of.

Microsoft vowed to investigate the vulnerability and to provide a security update when it becomes available. Customers who believe they may have been affected may contact the company's Product Support Services.

Copyright 2005 NewsFactor Network, Inc.


[TELECOM Digest Editor's Note: So, start the new year right with a nasty thing in your computer. If we cannot _even read_ email from people we do not know (or in many cases, ignorant people we _do_ know who like to 'pass this along to all your friends'), and there are a lot of web sites we cannot really trust, then tell me again, what is the purpose of computers? PAT]
