[personal profile] theweaselking
New critical exploit on all Windows machines Win98 and newer - runs through the obsolete-but-still-there WMF file viewer.

This is not limited to IE. It will also infect Opera and Firefox users - one source says "older versions of Firefox", the other just says Firefox. It's done by surfing to a web page containing an infected JPEG or GIF file, and installs and runs a bogus anti-spyware tool that tries to steal your credit card information while installing more stuff on your machine, even on up-to-date patched XP SP2 machines.

There's a half-assed fix so far:
According to iDefense, Windows users can disable the rendering of WMF files using the following hack:

1. Click on the Start button on the taskbar.
2. Click on Run...
3. Type "regsvr32 /u shimgvw.dll" to disable.
4. Click ok when the change dialog appears.

iDefense notes that this workaround may interfere with certain thumbnail images loading correctly, though I have used the hack on my machine and haven't had any problems yet. The company notes that once Microsoft issues a patch, the WMF feature may be enabled again by entering the command "regsvr32 shimgvw.dll" in step three above.
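To apply the workaround on more than one machine, the two regsvr32 commands quoted above can be wrapped in a batch file that runs without dialogs and reports failures. This is an added example, not part of the original post or of iDefense's instructions; the script name and the System32 location check are assumptions, and it targets cmd.exe on Windows 2000/XP rather than Win9x.

```batch
@echo off
rem Added example: apply or revert the shimgvw.dll workaround without
rem dialog boxes, e.g. from a login script. Not from the original post.
rem Usage (script name is hypothetical): wmf-workaround.cmd disable ^| enable
rem Assumption: run by an account allowed to change COM registrations.
setlocal

rem Assumption: the viewer DLL sits in the default System32 directory.
set "DLL=%SystemRoot%\System32\shimgvw.dll"

if /i "%~1"=="disable" (
    rem /u unregisters the DLL, /s suppresses the message boxes
    set "FLAGS=/s /u"
) else if /i "%~1"=="enable" (
    rem Re-register once a vendor patch is installed
    set "FLAGS=/s"
) else (
    echo Usage: %~nx0 disable^|enable
    exit /b 64
)

rem Fail early with a clear message instead of a LoadLibrary error.
if not exist "%DLL%" (
    echo %DLL% not found, workaround not applied.
    exit /b 2
)

rem regsvr32 is a GUI program: wait for it so ERRORLEVEL is its exit code.
start "" /wait regsvr32 %FLAGS% "%DLL%"
set "RC=%ERRORLEVEL%"

if "%RC%"=="0" (
    echo regsvr32 %FLAGS% succeeded on %COMPUTERNAME%.
    exit /b 0
)

rem regsvr32 exit codes: 3 = LoadLibrary failed, 4 = entry point missing,
rem 5 = the DLL's own register/unregister routine returned an error.
if "%RC%"=="3" echo regsvr32 could not load %DLL%.
if "%RC%"=="4" echo %DLL% has no register/unregister entry point.
if "%RC%"=="5" echo %DLL% loaded, but the registration call failed.
echo regsvr32 exited with code %RC% on %COMPUTERNAME%.
exit /b %RC%
```

The non-zero exit code lets a deployment tool or login script log which machines still need attention.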

(no subject)

Date: 2005-12-30 01:10 am (UTC)
From: [identity profile] texas-tiger.livejournal.com
When I tried that, I got the error:

LoadLibrary("shimgvw.dll") failed.
GetLastError returns 0x00000485.

Any ideas?

(no subject)

Date: 2005-12-30 01:38 am (UTC)
From: [identity profile] theweaselking.livejournal.com
Not really. regsvr32 is not exactly something meant to be used manually like this, so I don't know why it's not working.

(no subject)

Date: 2005-12-30 06:43 pm (UTC)
From: [identity profile] zenten.livejournal.com
Sounds like that bit of your computer is screwed up, so that the vulnerability wouldn't work on it anyway (but don't quote me on that).

(no subject)

Date: 2005-12-30 01:55 am (UTC)
From: [identity profile] sivi-volk.livejournal.com
Seems to have worked.

(no subject)

Date: 2005-12-30 08:52 am (UTC)
From: [identity profile] ed-dirt.livejournal.com
Thanks, Weasey.

(no subject)

Date: 2005-12-30 09:47 am (UTC)
From: [identity profile] wyatt1048.livejournal.com
Seems to have worked - thanks!

(no subject)

Date: 2005-12-30 06:12 pm (UTC)
From: [identity profile] ryusen.livejournal.com
Yeah, I was just thinking I needed to post that. The notironic thing is, I was planning on running that command line 'cause I was having trouble with thumbnail rendering on legitimate files .p

(no subject)

Date: 2005-12-30 06:42 pm (UTC)
From: [identity profile] zenten.livejournal.com
I refuse to run such a command on my computer.

(no subject)

Date: 2005-12-30 06:49 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
I somehow doubt your machine is likely to be vulnerable to a Windows rendering exploit.

(no subject)

Date: 2005-12-31 03:25 am (UTC)
From: [identity profile] kali-kali.livejournal.com
My computer can't find that file....

(no subject)

Date: 2006-01-04 07:05 pm (UTC)
From: [personal profile] jerril
Ran it on my mom's computer. Success. Also on work computer. WMF are stupid anyways.
