Windows Metafile Vulnerability - Notes

Notes

1. ^ Security Watch: Iniquitous Images Imperil the Internet!, Larry Seltzer, PC Magazine.
2. ^ A Description of the Image Preview Feature in Windows Millennium Edition, Microsoft.
3. ^ sunbeltblog.blogspot.com Microsoft clarifies DEP issue
4. ^ Library for non-Windows operating systems to run WMF files.
5. ^ Linux/BSD still exposed to WMF exploit through WINE, ZDNet.
6. ^ It's not a bug, it's a feature, F-Secure.
7. ^ Exploit-WMF, by McAfee
8. ^ Does Windows Patch Without Permission?
9. ^ Microsoft Security Advisory (912840) - Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution, Microsoft Official Advisory on the vulnerability.
10. ^ http://www.hexblog.com/2005/12/wmf_vuln.html, unofficial patch by Ilfak Guilfanov.
11. ^ Trustworthy Computing, SANS Institute Internet Storm Center.
12. ^ Ilfak to the rescue!, F-Secure.
13. ^ Trustworthy Computing, Slashdot. Linking to SANS Institute Internet Storm Center's article titled Trustworthy Computing (see above).
14. ^ .MSI installer file for WMF flaw available, SANS Institute Internet Storm Center.
15. ^ How to Configure Memory Protection in Windows XP SP2, software-enforced Data Execution Prevention (DEP) feature in Microsoft Windows XP SP 2.
16. ^ How to improve browsing performance in Internet Explorer (KB153790), Microsoft.
17. ^ Images are blocked when you open an e-mail message in Outlook Express on a Windows XP Service Pack 2-based computer (KB843018), Microsoft.
18. ^ http://www.nod32.ch/en/download/tools.php Unofficial WMF patch by Paolo Monti distributed by ESET.
19. ^ http://blogs.securiteam.com/index.php/archives/210 Unofficial Windows 98SE patch by Tom Walsh.