Synapse Posted January 3, 2006 Posted January 3, 2006 (edited) found this quite fun... its in german... but just scroll down to where it says "Test"http://www.heise.de/security/dienste/brows...os/ie/wmf.shtmlMy results:Firefox: Asked me to download it or open it.. i chose to download it and double clicked the icon to open windows fax and picture viewer.. calc.exe ran and explorer.exe crashed.. even right clicking and hitting properties on the file caused it to run.IE: Started download, ran windows fax viewer thing but no calculator execution... which i found weird.. maybe its reading from the cache, i'll have to test after i do a restart and clear my browser cache.Explorer: with Thumbnails turned on, it ran calc.exe and caused the explorer.exe to crash again.Post your results..btw.. incase anyone is interested on how this looks when the actual infected .wmf is ran.. check out this moviehttp://www.websensesecuritylabs.com/images...s/wmf-movie.wmv Edited January 3, 2006 by Bi0haZarD
LLXX Posted January 4, 2006 Posted January 4, 2006 (edited) IE: Asked me to download or open it. Chose Open: "Open file with..." dialog comes up. I choose to open it with IE. The "save" dialog comes up and closes immediately. Chose Save: Downloaded the WMF. Double-clicked it and "open file with..." comes up again.Right-click and view Properties: Standard property page comes up, nothing else happens.Turned on Thumbnails: Nothing happened.Tried various Image-editing programs I had. All of them refused to open the file, claiming the file was invalid.I guess I'm immune... OS: 98se customised. Edited January 4, 2006 by LLXX
Synapse Posted January 4, 2006 Author Posted January 4, 2006 (edited) either of you use the regsvr method or the unofficial hotfix?i just tried and Avast popped up telling me it was a virus/worm *this was my 1,000th post! * Edited January 5, 2006 by Bi0haZarD
sevenalive Posted January 4, 2006 Posted January 4, 2006 Are you serious, the guy who started this thread should be banned, getting people to put the exploit on their computers.Do not click on the link above ppl, YOU SHOULD NO BETTER
Synapse Posted January 5, 2006 Author Posted January 5, 2006 it's a TEST wmf file.. all it does is runs calc.exe if your system is vulnerable.. and yes i have checked this link myself, both on a VMware workstation and my main computer.. with regmon, filemon, and process explorer all running.. to make sure its 100% safe.. I would never put up a link here that could even have the possibility of damaging a fellow MSFN users comp in anyway.as for the site being in german, its a german magazine.. basically an equivelent of slashdot.. they made it so people could check to make sure they were protected from the exploit without having to run the actual destructive wmf.kthanks.
clavicle Posted January 5, 2006 Posted January 5, 2006 Nothing happened with Opera! But MS Picture and Fax Viewer is still generating preview for the past 2min. or so.
gamehead200 Posted January 5, 2006 Posted January 5, 2006 Just tested it after installing MS's official path. Works fine! No preview available.
janus zeal Posted January 9, 2006 Posted January 9, 2006 Sadly, im running windows xp sp2, but i seem to be safe with firefox and nortonhttp://zealnet.myvnc.com/public/~jz/norton.pngIE 6 got farther, but was also stoped by norton.http://zealnet.myvnc.com/public/~jz/ie.png
Takeshi Posted January 16, 2006 Posted January 16, 2006 FF 1.5 wants to d/l it but picked up immediately by F_Secure.
Solid as a rock Posted January 16, 2006 Posted January 16, 2006 My results:Opera and IE: Asked me to download it or open it.. i choose to download it and double clicked the icon to open windows fax and picture viewer. Viewer opens with the message: No example aviable (translated from dutch to english). And yes, i have the WMFpatch installed from microsoft...But nice movie, now i know how it looks. Thanks!
Andrew932 Posted January 19, 2006 Posted January 19, 2006 Did it with IE and Norton Internet Security denied access to it.
atomizer Posted January 19, 2006 Posted January 19, 2006 FF prompts to download.saved file and scanned and, naturally, ClamWin detected:\browsercheck.tif: Exploit.WMF.Gen-3 FOUNDopened file and got error "format of the file could not be determined". however, i don't have windows p&f viewer installed. 'tif' is associated with XnView, but it obviously wasn't a valid 'tif' file.calc.exe didn't run.
DigeratiPrime Posted January 19, 2006 Posted January 19, 2006 (edited) I use Firefox 1.5 + NoScript Extension. I have no antivirus or firewall on the computer. Running XP Pro SP2 with no later hotfixes. Basically nothing happened. Edited January 19, 2006 by DigeratiPrime
liquidguru Posted January 19, 2006 Posted January 19, 2006 i use FF1.5 and the beta version of the free AntiVir prog.FF prompted to download, but before i could click anything AntiVir popped up the following..guess AntiVir real-time guard works pretty well
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now