Jump to content



Recommended Posts

TROJ_WMFCRASH.B is a .WMF file that takes advantage of an unpatched vulnerability found in Windows Picture and Fax Viewer. It runs on Windows XP and Server 2003, and is currently spreading in-the-wild.


The Windows Picture and Fax Viewer vulnerability is a zero-day exploit that is capable of remote code execution. Zero-day exploits are thus named because the unpatched vulnerability and its corresponding exploit code are released within the same day. This may leave systems vulnerable, due to the availability of exploit code, and the fact that the vendor has not been given enough time to patch it.


Once this malicious .WMF file is opened, it proceeds to launch a denial of service attack in an attempt to restart or terminate the legitimate system process EXPLORER.EXE. The said action leaves an affected user unable to navigate through Windows.


After performing its routine, this Trojan terminates itself.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...