Microsoft Windows Metafile Handling Buffer Overflow (Update)
Windows is vulnerable to remote code execution through an error in its handling of the Windows Metafile format (.WMF). Exploit code has been publicly posted and used to successfully attack fully patched Windows XP SP2 systems. Other Windows versions may also be at risk.
Workarounds:
Do not access WMF files from untrusted sources (such as unknown websites).
IT personnel can block access to WMF files at mail gateways, HTTP proxies and other network filtering technologies.
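One way to implement the gateway block described above, as an added example that is not part of the original advisory. It assumes the filter can read the first bytes of each attachment or download, and it matches on the WMF header layout from the public format documentation as well as on the extension, so a WMF file delivered under another name is still matched; the function names and sample data are hypothetical.

```python
import struct

PLACEABLE_MAGIC = b"\xd7\xcd\xc6\x9a"   # placeable-header key 0x9AC6CDD7, little-endian
PLACEABLE_LEN = 22                       # size of the optional placeable header
METAHEADER_LEN = 18                      # size of the standard WMF header


def looks_like_wmf(data: bytes) -> bool:
    """Return True when the leading bytes match a WMF header, whatever the file is named."""
    if data[:4] == PLACEABLE_MAGIC:
        data = data[PLACEABLE_LEN:]      # the standard header follows the placeable one
    if len(data) < METAHEADER_LEN:
        return False
    # Standard header starts with: type (1 = memory, 2 = disk), header size in
    # 16-bit words (always 9), and format version (0x0100 or 0x0300).
    ftype, header_words, version = struct.unpack_from("<HHH", data, 0)
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)


def should_block(filename: str, data: bytes) -> bool:
    """Gateway decision: block on the .wmf extension or on WMF content under any name."""
    return filename.lower().endswith(".wmf") or looks_like_wmf(data)


# Constructed sample inputs (not real captures).
_META = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0)
SAMPLE_PLAIN_WMF = _META + b"\x03\x00\x00\x00\x00\x00"   # header + end-of-file record
SAMPLE_PLACEABLE = PLACEABLE_MAGIC + bytes(18) + SAMPLE_PLAIN_WMF
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(16)

if __name__ == "__main__":
    samples = [("chart.wmf", SAMPLE_PLAIN_WMF),
               ("photo.jpg", SAMPLE_PLACEABLE),   # WMF content under a .jpg name
               ("photo.jpg", SAMPLE_JPEG)]
    for name, blob in samples:
        print(name, "BLOCK" if should_block(name, blob) else "allow")
```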
Update:
Microsoft will release a patch on 10 Jan 2006.
Meanwhile, a third-party patch by Mr Ilfak Guilfanov, a senior developer at DataRescue, Belgium, has been tested and recommended by the SANS Institute for the time being. According to Mr Guilfanov, this is a temporary fix and should be uninstalled after Microsoft releases the formal patch.
This is the first time a private third-party patch has been approved by a renowned security institute. Part of the reason is that Guilfanov published the patch online with complete source code as open source, so SANS personnel were able to thoroughly test it and verify that it is honest work without a backdoor.