[87704] in North American Network Operators' Group

Re: WMF patch

daemon@ATHENA.MIT.EDU (Eric Frazier)
Thu Jan 5 12:52:25 2006

Date: Thu, 05 Jan 2006 09:54:16 -0800
To: thomas.kuehling@mapsolute.com
From: Eric Frazier <eric@dmcontact.com>
Cc: nanog@nanog.org
In-Reply-To: <1136454013.10094.66.camel@localhost.localdomain>
Errors-To: owner-nanog@merit.edu


At 01:40 AM 1/5/2006, Thomas Kuehling wrote:
>Hi Eric
>
>On Wednesday, 04.01.2006, at 08:14 -0800, Eric Frazier wrote:
> > Hi,
> >
> > I finally decided this was serious enough to do something about it sooner
> > than the MS patch, but while this seems to be the official link to the SANS
> > patch http://isc1.sans.org/diary.php?storyid=1010
> > it also is timing out. I have seen a couple of other links from googling to
> > people who have "repackaged" this, but I really don't want to download
> > something that doesn't match the SANS MD5..
> >
> > Any links or suggestions?
>
>perhaps it is outdated, but as a workaround, it would be enough to
>unregister the DLL which handles WMF:
>
>on the Start menu, choose Run, type
>"regsvr32 -u %windir%\system32\shimgvw.dll", and then click OK.
>
>For more details, visit this link:
>http://www.frsirt.com/english/advisories/2005/3086


Thanks Thomas, something really useful. One thing I am still curious about:
I read that other image formats can be used in an exploit; GIF,
.BMP, .JPG, .TIF can also be used, according to F-Secure. I find this a
little confusing: if that dll only deals with the WMF file type then the
exploit must not be directly connected with that dll. Or does that dll
handle all of those as well?

But then I found this http://www.pcworld.com/howto/article/0,aid,119993,00.asp

Which makes sense. The way a lot of things I have been seeing go on about
this they act like WMF is the only format of issue and that obviously is
not at all true. I would have more likely ignored this if it really was
only WMF files and the MS patch a week or so away.


Thanks,

Eric



>Kind regards
>Thomas Kühling
>
>--
>Mapsolute Gmbh - Techn. Administration - TK2325-RIPE

