[Dshield] WMF redirect. gdi32.dll is the problem
tholleb at teknowledge.com
Thu Jan 5 16:51:07 GMT 2006
> "Going back to the wmf vulnerability itself, we see number of
> sites mention that shimgvw.dll is the vulnerable file.
> This doesn't seem correct as it's possible to exploit a
> system on which shimgvw.dll has been unregistered and
> deleted. The vulnerability seems to be in gdi32.dll."
disabling shimgvw.dll is a partial workaround.
Specifically, what it does is disables Windows XP's
autodisplay of thumbnails in certain folder views,
which can significantly increase the risk in some
scenarios (browsing to a network share with a WMF
file, for example).
More information about the list