Checking for .wmf Vulnerabilities

Published: 2006-01-02
Last Updated: 2006-01-03 02:44:21 UTC
by Marcus Sachs (Version: 1)
0 comment(s)
As far as we know there are no tools available yet for remote scanning and detection of systems vulnerable to the .wmf issue.  Ilfak Guilfanov has a testing tool available on his website, and he cautions users that it only checks for one version of the exploit so it might not detect new variations. 

If you want to experiment with another file submitted to us by Kevin Gennuso (thanks, Kevin) you can download it here.  The file will open calc.exe and kill explorer.exe on vulnerable systems but otherwise causes no damage as far as we can tell.  As always, test this file before using it on a production or enterprise computer.  This file is useful for seeing if Ilfak's patch worked for your system.

Reik Bohne sent us a link to a test on  It's in German but essentially what it does is provides you with a way to check your browser and your email client to see if you are vulnerable.  Like the file above, it starts calc.exe on an unpatched system.

0 comment(s)


Diary Archives