WMF Exploit

is a serious security threat discovered at 28th December 2005.

This problem is tied up with WMF files (Windows MetaFiles). It is not caused by a specific bug, but rather by a bad design back in the eightees. Such file can contain binary program which is called and executed by special Escape function. This has been used in the past to gain the access to special printer functions. However, it can be misused very easily to spread malicious programs - the application called "Windows Picture and Fax Viewer", which is used to display the picture in many Windows versions, will execute the attached code. This security hole is contained in all Windows versions (including the historical Windows 3.1) and currently there is no security patch from Microsoft (it is planed for 10th January 2006). So, this is really very severe security problem for millions of users all over the world. The danger is definitely not hypothetical - there are many web pages which contain such modified WMF files, other files are sent by email and there is already one worm which also uses this "feature".

You can unregister the program "Windows Picture and Fax Viewer" as a temporary solution, you can also filter all WMF files using the firewall. Of course avast! is able to detect such malicious files. There is also an unofficial patch made by Ilfak Guilfanov, which disables the Escape function in WMF files at all. We strongly recommend to install the Microsoft patch as soon as possible when available! The problem is that the older Windows operating systems are not maintained by Microsoft anymore, so there could be a lot of computers which will remain vulnerable in the future...

avast! with VPS file dated on or after 28th December 2005 is able to detect this exploit.