
WMF vulnerability in Windows - affects image files.

  • 30-12-2005 8:20pm
    #1
    Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 90,977 Mod ✭✭✭✭


    http://secunia.com/advisories/18255/
    This can be exploited to execute arbitrary code by tricking a user into opening a malicious ".wmf" file in "Windows Picture and Fax Viewer" or previewing a malicious ".wmf" file in explorer (i.e. opening a folder containing a malicious image file).

    The vulnerability can also be exploited automatically when a user visits a malicious web site using Microsoft Internet Explorer.

    NOTE: Exploit code is publicly available. This is being exploited in the wild. The vulnerability can also be triggered from explorer if the malicious file has been saved to a folder and renamed to other image file extensions like ".jpg", ".gif", ".tif", and ".png" etc.

    Nothing new in this; image file exploits in Windows have been unforgivable. IE 5 couldn't even show BMPs.

    Also, the renaming of the extensions not protecting you is hardly new. Remember the way Word macro viruses were executed in files saved as .rtf?

    But could someone patent the cure of such a disease?
    If the person who found the original exploit had patented a generalised fix for it "a method to prevent arbitrary user-defined function to be executed when the rendering of a graphical file fails by .... "

    1. announce the patent.
    2. Let others then recreate the exploit.
    3. wait until everyone deploys a patch
    4. sue based on earlier patent, just like the LZW/GIF and MP3
    5. profit.

    BTW: the best bit is in the USA they would still have about 50 weeks to retrospectively register the patent - nice legal sting

