Sophos

Exp/WMF-A


Summary

 
Affected operating systems: Windows
Included in our products from: February 2006 (4.02)
Protection available since: 29 December 2005 12:22:50 (GMT)
Last updated: 4 January 2006 21:30:22 (GMT)
Detected by: All Sophos products

Action

Please follow the instructions for removing Trojans.

Download the following patch from the Microsoft website:

http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx

More Information

Exp/WMF-A detects Windows Metafiles (WMF) that exploit a vulnerability in the image-rendering functionality of GDI32.DLL. The vulnerability allows the execution of arbitrary code.

The exploit runs on several Windows platforms, including Windows XP SP2, and affects several image-rendering applications that use GDI32.DLL directly or via SHIMGVW.DLL, e.g. Windows Picture and Fax Viewer (and other applications that depend on it, such as Windows Explorer when it displays thumbnails).

Common attack vectors seen so far involve websites which contain IFRAME links to malicious WMF files containing the exploit. Applications such as Microsoft Internet Explorer may then attempt to render the WMF files. These WMF files then tend to download and execute other malicious EXE files.

A patch may be obtained from the Microsoft website:

http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx
