[Mannaggia l'America]

Errr, I thought the flaw was in .wmv files, quit downloading porn and music files until the patch comes out.....problem solved.

No, it's in the DLL that displays .wmf files, not .wmv (Windows Movie). .wmf files are Windows Metafile files, which are basically image files, mostly used for clip art, rarely on legitimate web pages.

[Billthedrill]

Precisely. The problem appears to be that an error message returned from clicking on a thumbnail can actually be redirected to execute code at whatever level of access the user doing so has. Any code. Not nice.

I've applied the Guilfanov patch to my local box and everything seems fine so far. I've heard of some problems in canceling large print jobs but haven't seen anything like that myself.

[Decepticon]

No, it's in the DLL that displays .wmf files, not .wmv (Windows Movie). .wmf files are Windows Metafile files, which are basically image files, mostly used for clip art, rarely on legitimate web pages.

Thanks for that. I'm researching it now....

[RedBloodedAmerican]

Interesting. I thought the clip art exploit was addressed in 97 or 98.

[steve-b]

No, it's in the DLL that displays .wmf files, not .wmv (Windows Movie). .wmf files are Windows Metafile files, which are basically image files, mostly used for clip art, rarely on legitimate web pages.

It's possible for a file with any extension to exploit this security hole:

From the SANS WMF Exploit FAQ:

Should I just block all .WMF images?

This may help, but it is not sufficient. WMF files are recognized by a special header and the extension is not needed. The files could arrive using any extension, or embeded in Word or other documents.