WMF Exploit patch

WMF Exploit patch
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
WMF Exploit patch John Hyde 01-02-2006
Posted by John Hyde on January 2, 2006, 2:34 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Has anyone checked out the "unofficial" WMF exploit patch found on the
NIST website? Does it do anything worth trying?

Linked from their article on :
http://www.nist.org/news.php?extend.50

Closest link I think is:

http://www.nist.org/download.php?list.2%3Cbr%20/%3E

The page says that you still need to unregister shimgwv.dll. Naturally,
what is really needed is the ability to get back to business as usual.
(I've been amazed at how many things apparently use shimgwv for image
rendering.)

Thanks for thoughts

JH

Posted by Todd H. on January 2, 2006, 11:40 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

> Has anyone checked out the "unofficial" WMF exploit patch found on the
> NIST website? Does it do anything worth trying?
>
> Linked from their article on :
> http://www.nist.org/news.php?extend.50
>
> Closest link I think is:
>
> http://www.nist.org/download.php?list.2%3Cbr%20/%3E
>
> The page says that you still need to unregister shimgwv.dll.
> Naturally, what is really needed is the ability to get back to
> business as usual. (I've been amazed at how many things apparently use
> shimgwv for image rendering.)
>
> Thanks for thoughts

I was hesitant and finally deployed the patch on my machines once it
showed up in the SANS handler's diary as having be pored over by one
of their folks.
http://isc.sans.org/diary.php?storyid=993


--
Todd H.
http://www.toddh.net/

Similar ThreadsPosted
Zero-day IE exploit... November 22, 2005, 7:46 pm
Exploit released for unpatched ActiveX flaw September 15, 2006, 5:46 pm
Any study on patch availability? December 24, 2004, 6:11 pm
Patch management factors January 29, 2005, 7:22 pm
Seeking Expert in Patch Management Software February 14, 2005, 12:23 pm
Microsoft patch opens users to attack August 23, 2006, 11:29 pm
HPSBMA02133 SSRT061201 rev.3 - HP Oracle for OpenView (OfO) Critical Patch Update January 26, 2007, 6:42 am
HPSBMA02133 SSRT061201 rev.4 - HP Oracle for OpenView (OfO) Critical Patch Update April 19, 2007, 6:18 pm
HPSBMA02133 SSRT061201 rev.5 - HP Oracle for OpenView (OfO) Critical Patch Update July 26, 2007, 11:37 am
HPSBMA02133 SSRT061201 rev.7 - HP Oracle for OpenView (OfO) Critical Patch Update January 17, 2008, 8:32 am

The site map in XML format XML site map

Contact Us | Privacy Policy