• Hi Guest - Come check out all of the new CP Merch Shop! Now you can support CigarPass buy purchasing hats, apparel, and more...
    Click here to visit! here...

Zero day exploit in Windows/Internet Explorer

Wurm

Wurm

Bratwurst and Beer
Joined
Oct 6, 2005
Messages
6,140
Just a heads up, I just got this security bulletin about a new exploit for Windows.


Quote:
ASSESSMENT
This vulnerability is triggered by an error in the handling of corrupted Windows Metafile files (".wmf"). The default viewer for wmf files is the Windows Picture and Fax Viewer in Windows XP and can be exploited by a user opening a malicious ".wmf" file or by visiting a malicious web site using Microsoft Intenet Explorer. Firefox users can get infected if they decide to run or download the image file.
Click to expand...



“Zero day” means there is no patch avialable and the exploit is in the wild, so you need to be very cautious about opening any *.wmf file. Preferably you should block all wmf files at your firewall if possible and remove any settings that would cause these files to open automatically. (don't open any wmf files sent to you in e-mail either)
 
Doesn't surprise me either, but I thought it serious enough to share :)
 
Im sure windows will create a fix... over charge for it, only for it to be buggy.

Then they'll create a second addition for the fix, over charge for it again, even though it's their fault the first version was buggy, and the second version should ultimately be free.
 
Hey Wurm, you appear to be computer savvy (I am not).
On my computer (running windows XP)the windows picture and fax viewer saves random pictures from every site I visit (from full screen captures to the little "add reply" buttons here). A couple of times a week I end up deleting hundreds of pictures that have been saved in this thing. Do you know of a way to remove this feature from this operating system?
 
Captain Leafheart said:
Hey Wurm, you appear to be computer savvy (I am not).
On my computer (running windows XP)the windows picture and fax viewer saves random pictures from every site I visit (from full screen captures to the little "add reply" buttons here). A couple of times a week I end up deleting hundreds of pictures that have been saved in this thing. Do you know of a way to remove this feature from this operating system?
[snapback]267623[/snapback]​
Click to expand...

Now thats weird... When you visit a website everything you see/hear/do is saved in the Temporary Internet Files, this is normal but can fill your HDD fast if you don't set everything properly from the get go, but what is happening to you is a mystery to me, I also have the picture and fax viewer and it doesn't save a thing. Some other software you have installed must be influencing it. How long has it been doing it and what did you install right before it started?

*edit* I'm in Microsoft support right now, if I find anything I will let you know.
 
Captain Leafheart: Where does it save these files? If it is in the "Temporary Internet Files" directories there are settings to control that.
 
Found this... it is the Temporary Internet files,

Person had the same problem.

Go to Extras/InternetOptions/Advanced in your IE and put a check mark next to "delete temporary internet files when closing" (translated from my German windows so it might be called something else) That should fix your problem.
 
I'm no expert here, however, would not a simple solution be to change the default .wmf viewer to something else? As mine is defaulted to Irfan Viewer. To do this go to:-> Windows Explorer: select menu Tools+Folder options then tab File types.

Or in the worse case rename the Windows Picture and Fax Viewer .dll (I think it is SHIMGVW.DLL) to something else?

Just a couple ideas, given the info WURM posted...I haven't seen the entire warning particulars.
 
On my IE it is under Tools/Internet Options/Temporary Internet Files/Settings. Change the amount of disk space stored files will use down to 20-30 meg. I wouldn't shut off the feature completely since it will make your frequently accessed pages take longer to load. JMHO.
 
BrewMeister said:
I'm no expert here, however, would not a simple solution be to change the default .wmf viewer to something else? As mine is defaulted to Irfan Viewer. To do this go to:-> Windows Explorer: select menu Tools+Folder options then tab File types.

Or in the worse case rename the Windows Picture and Fax Viewer .dll (I think it is SHIMGVW.DLL) to something else?

Just a couple ideas, given the info WURM posted...I haven't seen the entire warning particulars.

[snapback]267641[/snapback]​
Click to expand...

YOU DONT want to rename the .dll... alot of things depend on it not just the viewer. Changing the default viewer (I use ACDSee 8) might work.
 
Just FYI - Did a quick check of my Anti-Virus, it has been updated and will detect and prompt me to delete the exploited .WMF file.
 
Thank you all for the suggestions.
It's been doing it for as long as I can remember. I mean it even saves a little tiny dot or a portion of an element on a page, as well as whole screen captures (from pictures of cigars to...well, you know.)
Couldn't say what might have been installed just prior to it starting.
I've been holding onto an e-mail that requires clicking on an attatchment which opens up in the p&f viewer (because I don't know how to open it otherwise).
I be a dummy. ???
I'll look into these fixes when I get home.
 
You must log in or register to reply here.
Top