Friday, January 06, 2006

Microsoft WMF vulnerability

Windows image file exploit W32/PFV-Exploit

The exploit is currently being used to distribute the following threats:
Trojan-Downloader.Win32.Agent.abs
Trojan-Dropper.Win32.Small.zp
Trojan.Win32.Small.ga
Trojan.Win32.Small.ev.


Be warned. Microsoft has yet to issue an official patch/fix for this vulnerability, although the main antivirus companies do detect the W32/PFV-Exploit trojan.

-=-

Those using IE, or any browser built on the IE engine such as Avant or Maxthon, to surf might want to consider switching to Firefox or Opera.

Those with Firefox 1.0.4 or below might want to upgrade to a higher release.

If you have not done so, it is also best to UNCHECK “Allow websites to install software” and “Enable Java” in Firefox whenever you surf:
Tools -> Options -> Web Features

    Note that you can get infected if you visit a web site that has an image file containing the exploit. Internet Explorer users might automatically get infected. Firefox users can get infected if they decide to run or download the image file.

    In our tests (under XP SP2) older versions of Firefox (1.0.4) defaulted to open WMF files with “Windows Picture and Fax Viewer”, which is vulnerable. Newer versions (1.5) defaulted to open them with Windows Media Player, which is not vulnerable…but then again, Windows Media Player is not able to show WMF files at all so this might be a bug in Firefox. Opera 8.51 defaults to open WMF files with “Windows Picture and Fax Viewer” too. However, all versions of Firefox and Opera prompt the user first.

    Switch to Firefox (latest version is 1.5) today, especially those people who are into 12 DailyPro and other autosurfs. You can check out the button on the bottom right of our sidebar. It’s free & integrates with Google toolbar, nifty.



Sources:
http://www.f-secure.com/weblog/archives/archive-122005.html
http://www.hexblog.com/2005/12/wmf_vuln.html
http://www.kb.cert.org/vuls/id/181038
http://gohyip.com/blog/2005/12/30/surfing-...-do-the-switch/



Update: Microsoft have since released a patch to correct the problem, although many feel that the patch was rushed and didn't solve all the problems associated with this security flaw.

Download via Windows Update or click below:
http://www.microsoft.com/technet/security/bulletin/MS06-001.mspx
