3dfx Archive
http://www.falconfly.de/cgi-bin/yabb2/YaBB.pl
General Section >> News >> WINDOWS EXPLOIT ALERT!!!
http://www.falconfly.de/cgi-bin/yabb2/YaBB.pl?num=1136236820

Message started by NitroX infinity on 02.01.06 at 22:20:20

Title: WINDOWS EXPLOIT ALERT!!!
Post by NitroX infinity on 02.01.06 at 22:20:20
Read:

http://isc.sans.org/diary.php?date=2006-01-01

http://www.hexblog.com/2005/12/wmf_vuln.html

Download & Install:

http://www.hexblog.com/security/files/wmffix_hexblog13.exe

For those who don't understand, I'll type an explanation shortly, needed to get this up first.

Explanation:

There is a serious flaw in EVERY Windows version since Windows 3.0. The flaw is located in the code which deals with the so-called Windows Meta Files.
It allows another person to take over your computer quite easily. There is NO official fix from Microsoft, your are NOT safe with XP SP2. This exploit affects EVERY Windows version!.

Install the patch from the download link and you're safe for the meantime. Once Microsoft releases a fix, you should uninstall this unofficial one and then install Microsoft's fix.

If you've opened a file called HappyNewYear.jpg (received through email) than you are already infected!
I suggest you re-install Windows completely in that case.

Sorry for the shouting in the title, but this is serious enough to warrant it.

Title: Re: WINDOWS EXPLOIT ALERT!!!
Post by NitroX infinity on 02.01.06 at 22:39:16
I'm bumping this one so it shows in the 'Last Updated Topic' on the forum-index.

Title: Re: WINDOWS EXPLOIT ALERT!!!
Post by Chosen_One on 02.01.06 at 23:04:11

wrote on 02.01.06 at 22:20:20:
If you've opened a file called HappyNewYear.jpg (received through email) than you are already infected!


i unregged the dll ;)
sorry...but i would not open a file with this obvious name!

Title: Re: WINDOWS EXPLOIT ALERT!!!
Post by NitroX infinity on 03.01.06 at 11:05:45
Not advisable to just 'unregister' the DLL since it can be 're-registered' by outside sources. Your approach is not a completely safe one.

Title: Re: WINDOWS EXPLOIT ALERT!!!
Post by Chosen_One on 03.01.06 at 21:04:51
oh...in this case of terror i will do something else...

i will use my rationality and do not open every file i get...and my spam filter is very well trained ;)

Title: Re: WINDOWS EXPLOIT ALERT!!!
Post by FalconFly on 03.01.06 at 21:41:13
Yep, a good Firewall and Common Sense are still the best defenses...

Title: Re: WINDOWS EXPLOIT ALERT!!!
Post by Obi-Wan_Kenobi on 03.01.06 at 22:22:06
well I installed that file requested in this topic still no odd things hehe , but with a hardware Firewall I'm safe here :) But I installed it t be extra sure for safty ;) that shouldn't be a prob I suppose.

Title: Re: WINDOWS EXPLOIT ALERT!!!
Post by paulpsomiadis on 04.01.06 at 00:58:47
The site where the fix is located has gone down due to HUGE bandwith overload! :(

Does anyone have a mirror link? (or better still - can mirror the file?) ???

Title: Re: WINDOWS EXPLOIT ALERT!!!
Post by NitroX infinity on 04.01.06 at 01:10:00
http://handlers.sans.org/tliston/wmffix_hexblog13.exe

Title: Re: WINDOWS EXPLOIT ALERT!!!
Post by TM30 on 04.01.06 at 01:25:10
hehe and when this "fix" is the virus  ::)

... just joking  ;D

Title: Re: WINDOWS EXPLOIT ALERT!!!
Post by paulpsomiadis on 04.01.06 at 19:41:31
If people are squeamish...then here's a more reliable link.

http://handlers.sans.org/tliston/WMFHotfix-1.1.14.msi

3dfx Archive » Powered by YaBB 2.4!
YaBB © 2000-2009. All Rights Reserved.