Image-handling flaws put Windows PCs at risk

By Joris Evers

Story last modified Tue Nov 08 11:44:00 PST 2005

Three security flaws in the way Windows handles certain graphics files could
create an opening for spyware and Trojan horse attacks, Microsoft has

The vulnerabilities relate to how the operating system renders the Windows
Metafile (WMF) and Enhanced Metafile (EMF) image formats, Microsoft said
Tuesday in its MS05-053 security bulletin. Two of them could allow a remote
intruder to gain complete control over a Windows PC, Microsoft warned in the
bulletin, the sole one in its monthly patch cycle.

Microsoft has tagged the security bulletin "critical," its most serious
rating. The software maker urges Windows users to install the security
update that accompanied the alert as soon as possible to protect against any
attacks via the security bugs.

To exploit the flaws, an attacker could craft a malicious image and trick a
Windows user to look at it on a malicious Web site or in an HTML e-mail, for
example, according to Microsoft. This type of vulnerability could be a
conduit for the installation of spyware, Trojan horses, bots or other
harmful programs on an unsuspecting user's machine.

While two of the vulnerabilities disclosed on Tuesday could allow an
outsider to commandeer a Windows PC, the third is limited in scope and would
crash only an application used to view a malformed file, Microsoft said.

Bugs in file format handling are increasingly being uncovered. That's
because image formats are complicated, and applications have to support many
image file types, experts said. Microsoft in August warned of a similar
flaw, which is related to an error in the way Internet Explorer handles JPEG

"We will continue to see this type of vulnerabilities in every major
application for the foreseeable future," said Neel Mehta, a team leader at
Internet Security Systems. "It is not just images, but any type of complex
file format. This is something that security researchers and hackers have
realized to be a weak point in many applications."

Mehta doesn't expect the latest Windows flaws to be exploited in a
widespread attack. "We're not bracing for any major worm or malware
outbreak, but we do expect them to be used in targeted attacks," Mehta said.
"There is user interaction required, there has to be someone sitting at the
other end in order to be compromised."

Of the three vulnerabilities, the most serious affects all current Windows
operating systems. The two other flaws are found in Windows 2000, Windows XP
with Service Pack 1 and Windows Server 2003, but don't exist in Microsoft's
latest desktop and server products, Windows XP with SP 2 and Windows Server
2003 with SP1, Microsoft said.

Microsoft is not aware of any malicious code that exploits the two flaws
that could allow a PC to be fully compromised, the software maker said.
However, code that exploits the third flaw and can crash an application
running on Windows has been posted to the Internet, Microsoft said.

Microsoft released only one security bulletin on this November "Patch
Tuesday." Mehta suggested that people take the time to catch up on patches.
"Because it is quiet, it does give people an opportunity to catch up and
make sure they are protected," he said. People who have signed up for
Microsoft's update service should receive the patch download automatically.

Copyright ©1995-2005 CNET Networks, Inc. All rights reserved.

You are a subscribed member of the infowarrior list. Visit for list information or to unsubscribe. This message
may be redistributed freely in its entirety. Any and all copyrights
appearing in list messages are maintained by their respective owners.

Reply via email to