[unisog] 0-day Windows Metafile Defect Being Exploited

Russell Fulton r.fulton at auckland.ac.nz
Fri Dec 30 21:35:41 GMT 2005

I'd like to say 'amen' to this.  There are reports on the AVIEN list 
that several very experienced AV researchers have managed to 
accidentally run this exploit while examining it.  One reports spending 
4 hours cleaning up his system afterwards.

Be very careful with this one and if you must play with it ;) then do it 
in a VM!


Christian Wagner wrote:
> This is very ugly. To quote one source:
> "The thumbnail view in Windows Explorer will parse the graphics files in a 
> folder, even if the file is never explicitly opened. This is enough to trigger 
> the exploit. Even more frightening is that you don't have to use the thumbnail 
> view for a thumbnail to be generated. Under some circumstances, just 
> single-clicking on the file will cause it to be parsed."

More information about the unisog mailing list