TechBulletin

A new exploit has been discovered that affects Windows XP SP2 systems, according to reports by security firms F-Secure and Sunbelt. Malware is downloaded and installed on the affected systems by taking advantage of a vulnerabiliy in the WMF graphics rendering engine.

WMF, or Windows Metafile, is a vector based image format used by Microsoft’s operating systems. SHIMGVW.DLL is loaded to render the images and contains a flaw that opens the door for a malformed WMF image to cause remote code execution and potentially allow for a full system compromise.

F-Secure is detecting the offending WMF files as W32/PFV-Exploit.A, .B and .C.

According to F-Secure it is very easy to fall victim to this exploit, especially if you are using Internet Explorer. It’s as simple as visiting an infected web site or viewing a folder with infected files with Windows Explorer. F-Secure has informed Microsoft and while a patch is expected to be issued quickly, they warn that Windows administrators and/or users may want to filter all WMF files until a patch is released.

Source: BetaNews