[Dshield] WMF redirect. gdi32.dll is the problem

Tim Hollebeek tholleb at teknowledge.com
Thu Jan 5 16:51:07 GMT 2006


 
> "Going back to the wmf vulnerability itself, we see number of 
> sites mention that shimgvw.dll is the vulnerable file.
> This doesn't seem correct as it's possible to exploit a 
> system on which shimgvw.dll has been unregistered and 
> deleted. The vulnerability seems to be in gdi32.dll."

Disabling shimgvw.dll is a partial workaround.
Specifically, what it does is disable Windows XP's
autodisplay of thumbnails in certain folder views,
which can significantly increase the risk in some
scenarios (browsing to a network share with a WMF
file, for example).

-Tim



