Problems with the Windows

By Larry Seltzer  |  Posted 2005-12-31

If a WMF file is attached to an e-mail message, the default action for Outlook and Outlook Express (the default action is performed when the user double-clicks on the icon) is to launch it with the Windows Picture and Fax Viewer. Since that program is disabled by this fix, nothing will happen when the user double-clicks on the attachment or on the icon for such a file in a Windows Explorer window or the desktop.
A user might then choose to open the file with another program, such as Windows Paint, and in this case a malicious WMF file would still be able to execute its exploit.
Paint and some other programs are not affected by the fix to Windows Picture and Fax Viewer. Many other graphics programs, some of which are bundled with scanners and digital cameras, set themselves to be the default action for graphics such as WMF. These would not be affected by the workaround, but they may still be vulnerable.

Finally, there have been conflicting reports as to the effectiveness of DEP (data execution protection), both hardware and software, for the WMF issue. This exploit, not being a typical overflow in which programs are executed out of a data area, would not normally lend itself to protection by DEP. Microsoft has made no statements about hardware DEP in its advisory, but it did state that "Windows XP Service Pack 2 also includes software-enforced DEP that is designed to reduce exploits of exception-handling mechanisms in Windows. By default software-enforced DEP applies to core operating system components and services. This vulnerability can be mitigated by enabling DEP for all programs on your computer." However, Symantec states that they have found software DEP to be ineffective against this vulnerability.

Editor's Note: This story was updated to include more information about blocking the WMF flaw.

Larry Seltzer has been writing software for and English about computers ever since—much to his own amazement—he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publications.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.
