WMF Vulnerability, Info.

Posted by MAP on January 2, 2006, 4:54 pm


Hello all,
A short time ago while surfing I was redirected to a site that tried to
install this "POS", fortunately NOD32 stopped it (I have my av set up to
ask me what to do) when I clicked on delete the warning popup was gone and
there was another window, the familiar download window (open, save, cancel)
which clearly identified a wmf file awaiting download, my point is that if
you change your internet security custom levels to something more secure
you might not get infected with this, if you are paying attention.
My settings are as follows.


To help stop unauthorized downloads via your ActiveX controls change your
default settings.
These settings are good for XP. The wording should be close for other
systems as well.
Go to control panel and open "internet options".
Click on the security tab then custom level.
Make sure these settings are as follows.

Download signed ActiveX controls > set to prompt
Download unsigned ActiveX controls > set to disable
Initialize and script ActiveX controls not marked as safe > set to disable
Run ActiveX controls and plug-ins > set to enable
Script ActiveX controls marked safe for scripting > set to enable
Java permissions > set to high
Launching programs and files in an IFRAME > Prompt
Installation of Desktop items > Prompt
Navigate sub-frames across different domains > prompt

Any comment is welcomed!

--
Mike Pawlak
Posted by Galen on January 2, 2006, 10:26 pm

My reply is at the bottom of your sent message:

> Hello all,
> A short time ago while surfing I was redirected to a site that tried
> to install this
> "POS", fortunately NOD32 stopped it (I have my av set up to ask me
> what to do) when I clicked on delete the warning popup was gone and
> their was another window, the familiar download window
> (open,save,cancel) which clearly identified a wmf file awaiting
> download, my point is that if you change your internet security
> custom levels to something more secure you might not get infected
> with this,if you are paying attention.
> My settings are as follows.
>
>
> To help stop unauthorized downloads via your active x controls change
> your default settings.
> These settings are good for XP. The wording should be close for other
> systems
> as well.
> Go to control panel and open "internet options".
> Click on the security tab then custom level.
> make sure these settings are as follows.
>
> Download signed active x controls>set to prompt
> Download unsigned active x controls>set to disable
> Initialize and script active x controls not marked as safe>set to
> disable
> Run active x controls and pluggins>set to enable
> Script active x controls marked safe for scripting>set to enable
> Java permissions>set to high
> Launching programs and files in a IFRAME" > Prompt
> Installation of Desktop items"> Prompt
> Navigate sub-frames across different domains>prompt
>
> Any comment is welcomed!

Well put and highly effective BUT there's the issue of usability. I often
surf with those actually set to disabled and then consider adding them when
the site's needed or with another browser. Sometimes I use a third party
application to add an additional security zone between trusted and internet
and surf with a locked down "Internet Zone" and leave the middle zone to the
not-quite-trustable sites. So, the question is, really, that this is great
advice but will people deal well with the constant prompting while trying to
surf?

--
Galen - MS MVP - Windows (Shell/User & IE)
http://dts-l.org/
http://kgiii.info/

"We approached the case, you remember, with an absolutely blank mind,
which is always an advantage. We had formed no theories. We were simply
there to observe and to draw inferences from our observations." -
Sherlock Holmes



Posted by MAP on January 2, 2006, 11:05 pm
Galen wrote:
>
> My reply is at the bottom of your sent message:
>
>> Hello all,
>> A short time ago while surfing I was redirected to a site that tried
>> to install this
>> "POS", fortunately NOD32 stopped it (I have my av set up to ask me
>> what to do) when I clicked on delete the warning popup was gone and
>> their was another window, the familiar download window
>> (open,save,cancel) which clearly identified a wmf file awaiting
>> download, my point is that if you change your internet security
>> custom levels to something more secure you might not get infected
>> with this,if you are paying attention.
>> My settings are as follows.
>>
>>
>> To help stop unauthorized downloads via your active x controls change
>> your default settings.
>> These settings are good for XP. The wording should be close for other
>> systems
>> as well.
>> Go to control panel and open "internet options".
>> Click on the security tab then custom level.
>> make sure these settings are as follows.
>>
>> Download signed active x controls>set to prompt
>> Download unsigned active x controls>set to disable
>> Initialize and script active x controls not marked as safe>set to
>> disable
>> Run active x controls and pluggins>set to enable
>> Script active x controls marked safe for scripting>set to enable
>> Java permissions>set to high
>> Launching programs and files in a IFRAME" > Prompt
>> Installation of Desktop items"> Prompt
>> Navigate sub-frames across different domains>prompt
>>
>> Any comment is welcomed!
>
> Well put and highly effective BUT there's the issue of usability. I
> often surf with those actually set to disabled and then consider
> adding them when the site's needed or with another browser. Sometimes
> I use a third party application to add an additional security zone
> between trusted and internet and surf with a locked down "Internet
> Zone" and leave the middle zone to the not-quite-trustable sites. So,
> the question is, really, that this is great advice but will people
> deal well with the constant prompting while trying to surf?

I only get prompts when I'm downloading something, regular surfing is no
trouble at all.

--
Mike Pawlak



Posted by Charlie Tame on January 2, 2006, 10:33 pm
Open files based on content, not file extension = disabled

Charlie





Posted by MAP on January 2, 2006, 11:11 pm
Charlie Tame wrote:
> Open files based on content, not file extension = disabled
>
> Charlie

I have it setup this way so I will be asked if I want this download yes or
no and if something like what happened today occurs then I know that I
didn't ask for it because I wasn't trying to download anything.

--
Mike Pawlak
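
The Custom Level choices listed in this thread are stored as per-zone registry values, so they can be audited without clicking through the dialog. The script below is an added example, not code from any poster: it checks the Internet zone against MAP's list plus Charlie Tame's "Open files based on content" setting, using Internet Explorer's documented URL-action IDs and a constructed sample.

```powershell
# Added example, not from the thread. Zone 3 is the Internet zone; IDs and
# value encodings are Internet Explorer's documented URL-action registry values.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Label   = @{ 0 = 'enable'; 1 = 'prompt'; 3 = 'disable'; 0x10000 = 'high safety' }
# Registry value name, wanted DWORD, and the setting as named in the thread.
$Baseline = @(
    @{ Id = '1001'; Want = 1;       Name = 'Download signed ActiveX controls' }
    @{ Id = '1004'; Want = 3;       Name = 'Download unsigned ActiveX controls' }
    @{ Id = '1201'; Want = 3;       Name = 'Initialize and script ActiveX controls not marked as safe' }
    @{ Id = '1200'; Want = 0;       Name = 'Run ActiveX controls and plug-ins' }
    @{ Id = '1405'; Want = 0;       Name = 'Script ActiveX controls marked safe for scripting' }
    @{ Id = '1C00'; Want = 0x10000; Name = 'Java permissions' }
    @{ Id = '1804'; Want = 1;       Name = 'Launching programs and files in an IFRAME' }
    @{ Id = '1800'; Want = 1;       Name = 'Installation of desktop items' }
    @{ Id = '1607'; Want = 1;       Name = 'Navigate sub-frames across different domains' }
    @{ Id = '2100'; Want = 3;       Name = 'Open files based on content, not file extension' }
)

function Get-ZoneValues {
    $props = Get-ItemProperty -Path $ZoneKey
    $values = @{}
    foreach ($s in $Baseline) {
        $v = $props.($s.Id)
        if ($null -ne $v) { $values[$s.Id] = $v }
    }
    $values
}

function Test-ZoneBaseline {
    param([hashtable]$Values)   # value name -> DWORD
    foreach ($s in $Baseline) {
        $have = $Values[$s.Id]
        $actual = if ($null -eq $have) {
            'not set'
        } elseif ($Label.ContainsKey([int]$have)) {
            $Label[[int]$have]
        } else { '0x{0:X}' -f $have }
        [pscustomobject]@{
            Id = $s.Id; Setting = $s.Name; Expected = $Label[$s.Want]
            Actual = $actual; Match = ($null -ne $have -and [int]$have -eq $s.Want)
        }
    }
}

# Constructed sample: unsigned ActiveX download (1004) and content sniffing (2100) left enabled.
$sample = @{ '1001' = 1; '1004' = 0; '1201' = 3; '1200' = 0; '1405' = 0
             '1C00' = 0x10000; '1804' = 1; '1800' = 1; '1607' = 1; '2100' = 0 }
Test-ZoneBaseline -Values $sample | Where-Object { -not $_.Match } | Format-Table -AutoSize
# On a live system: Test-ZoneBaseline -Values (Get-ZoneValues)
```

Zone values set through Group Policy are stored under the Policies branch of the registry and take precedence over the per-user key read here.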


