As recommended by SANS, I unregistered the file
(run) regsvr32 -u %windir%\system32\shimgvw.dll
and ran the hack, wmffix_hexblog14.exe
This elimininates the picture file from being run as "sort of"
a program or scripting file...
A quick Google found this:
http://greenlantern7738.blogspot.com/
(This may NOT be where I first started...)
I got the file after checking at Sans.org
http://isc1.sans.org/diary.php?rss&storyid=996
http://isc.sans.org/diary.php?storyid=997
(Sans Links seem down today...)
and then went to the authors site.
http://www.hexblog.com/security/files/wmffix_hexblog14.exe
http://www.hexblog.com/security/files/wmf_checker_hexblog.exe
The second is a checker file you can get to see if you
are vunerable...
Try to get through to the SANS links to check on their
recommendation of the other files... I did.......
Any files you get from the Internet, even from trusted sites are
at your own risk! Sans did not think the "hack" broke anything...
Rick Glazier
From: "Tom Lominac"
From Brian Livingston's Windows Secrets Newsletter::
"The new "WMF Metafile" vulnerability is different:
clipped...
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.371 / Virus Database: 267.14.12/220 - Release Date: 1/3/2006
--
----------------------------------------
WIN-HOME Archives: http://PEACH.EASE.LSOFT.COM/archives/WIN-HOME.html
Contact the List Owner about anything: [EMAIL PROTECTED]
Official Win-Home List Members Profiles Page
http://www.besteffort.com/winhome/Profiles.html
