curtis Posted January 13, 2006 Share Posted January 13, 2006 TROJ_WMFCRASH.B is a .WMF file that takes advantage of an unpatched vulnerability found in Windows Picture and Fax Viewer. It runs on Windows XP and Server 2003, and is currently spreading in-the-wild. The Windows Picture and Fax Viewer vulnerability is a zero-day exploit that is capable of remote code execution. Zero-day exploits are thus named because the unpatched vulnerability and its corresponding exploit code are released within the same day. This may leave systems vulnerable, due to the availability of exploit code, and the fact that the vendor has not been given enough time to patch it. Once this malicious .WMF file is opened, it proceeds to launch a denial of service attack in an attempt to restart or terminate the legitimate system process EXPLORER.EXE. The said action leaves an affected user unable to navigate through Windows. After performing its routine, this Trojan terminates itself. Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted January 13, 2006 Share Posted January 13, 2006 Good reason to get the Windows Updates! Thanks Curtis Quote Link to comment Share on other sites More sharing options...
TCH-Rob Posted January 13, 2006 Share Posted January 13, 2006 Thanks Curtis. Quote Link to comment Share on other sites More sharing options...
stevevan Posted January 14, 2006 Share Posted January 14, 2006 According to this, it runs on XP and Windows Servers. As stated, another good reason to get the Windows updates as well as ensuring your antivirus is up to date. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.