Problems with the Windows
Fix"> If a WMF file is attached to an e-mail message, the default action for Outlook and Outlook Express (the default action is performed when the user double-clicks on the icon) is to launch it with the Windows Picture and Fax Viewer. Since that program is disabled by this fix, nothing will happen when the user double-clicks on the attachment or on the icon for such a file in a Windows Explorer window or the desktop.Paint and some other programs are not affected by the fix to Windows Picture and Fax Viewer. Many other graphics programs, some of which are bundled with scanners and digital cameras, set themselves to be the default action for graphics such as WMF. These would not be affected by the workaround, but they may still be vulnerable. Finally, there have been conflicting reports as to the effectiveness of DEP (data execution protection), both hardware and software, for the WMF issue. This exploit, not being a typical overflow in which programs are executed out of a data area, would not normally lend itself to protection by DEP. Microsoft has made no statements about hardware DEP in its advisory, but it did state that "Windows XP Service Pack 2 also includes software-enforced DEP that is designed to reduce exploits of exception-handling mechanisms in Windows. By default software-enforced DEP applies to core operating system components and services. This vulnerability can be mitigated by enabling DEP for all programs on your computer." However, Symantec states that they have found software DEP to be ineffective against this vulnerability. Editors Note: This story was updated to include more information about blocking the WMF flaw. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
A user might then choose to open the file with another program, such as Windows Paint, and in this case a malicious WMF file would still be able to execute its exploit.