What is the Windows Metafile Format (WMF) vulnerability?

John Savill

January 29, 2006

1 Min Read
ITPro Today logo in a gray background | ITPro Today

A. A vulnerability was found in the WMF definition that affects the Windows rendering engine (shimgvw.dll), which, unlike previous vulnerabilities, requires no user interaction to be activated. An infected image only has to be viewed on a Web site or in an email or even accessed via a desktop search engine (such as Google Desktop Search). It then can run code on the PC that could install malware. You can find more information about the vulnerability at the following URLs:

  • http://www.microsoft.com/technet/security/advisory/912840.mspx

  • http://www.kb.cert.org/vuls/id/181038

Microsoft released a fix on January 5--out of the regular fix cycle because the problem is so critical--and you should install the fix as soon as possible.

About the Author

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like