Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
WMF 0-day: Exploit spreads, defenses few
Robert Lemos, 2005-12-30
Comments Mode:
WMF 0-day: Exploit spreads, defenses few 2005-12-30
Anonymous (3 replies)
Get Rid of it:

copy /Y %windir%\system32\notepad.exe %windir%\system32\shimgvw.dll

There will be no automatic File Restore after Restart.

Tested on XPsp2 fully patched and W2k

...

[ more ]  [ reply ]
Re: WMF 0-day: Exploit spreads, defenses few 2005-12-31
TJ
Works like a charm. Thanks.

The SANS Internet Storm Center Diary mentions a similar workaround at http://isc.sans.org/diary.php?storyid=982...

[ more ]  [ reply ]
Re: UPDATE WMF 0-day: Exploit spreads, defenses few 2006-01-01
dz
Better:

1) Deregister the dll

2) Eliminate the vulnerable code:

copy /Y %windir%\system32\notepad.exe %windir%\system32\shimgvw.dll

AND

copy /Y %windir%\system32\notepad.exe %windir%\system32\DLLCACHE\shimgvw.dll

AND

3) Don't install Irfanview as Alternative!

Although shimgvw.dll is still ...

[ more ]  [ reply ]
Re: WMF 0-day: Exploit spreads, defenses few 2006-01-03
Anonymous
Here is something better:

http://www.grc.com/sn/notes-020.htm

http://www.hexblog.com/2006/01/wmf_vulnerability_checker.html...

[ more ]  [ reply ]
SpyWall from Trlokom blocks WMF 0-day Exploit 2006-01-03
JS
Trlokom has a product, SpyWall, that detects and blocks this exploit from executing via the web browser.

http://www.trlokom.com/press.php?name=WMF_29Dec2005

...

[ more ]  [ reply ]
WMF 0-day: Exploit spreads, defenses few 2006-01-05
Anonymous
Spyware doctor also adds protection for this ...

[ more ]  [ reply ]




 

Privacy Statement
Copyright 2009, SecurityFocus