What is the Windows Metafile Format (WMF) vulnerability?

A. A vulnerability was found in the WMF definition that affects the Windows rendering engine (shimgvw.dll), which, unlike previous vulnerabilities, requires no user interaction to be activated. An infected image only has to be viewed on a Web site or in an email or even accessed via a desktop search engine (such as Google Desktop Search). It then can run code on the PC that could install malware. You can find more information about the vulnerability at the following URLs:

  • http://www.microsoft.com/technet/security/advisory/912840.mspx
  • http://www.kb.cert.org/vuls/id/181038

Microsoft released a fix on January 5--out of the regular fix cycle because the problem is so critical--and you should install the fix as soon as possible.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.