Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: WMF mitigation may cause printer problems. SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
WMF mitigation may cause printer problems.

We have received reports and researched an issue with Ilfak's patch AND/OR deregistering SHIMGWV.DLL causing printing issues.

De-registering SHIMGVW.DLL can cause printer issues. This has been verified.

Pedro a fellow SANS handler provided this:
"From Microsoft Windows Server 2003 Inside Out
By William R. Stanek The client first uses the print driver to partially render the document into EMF and then spools the EMF file to the print server. The print server converts the EMF file to final form and then queues the file to the printer queue (printer)."

ScottF another SANS handler states "I have seen a few new printing bugs...basically the printer spooler tray icon pops up and says there is an error and then prints without a problem" this was when SHIMGWV.DLL was deregistered.

It appears that Ilfak Guilfanov's patch can also cause printer problems.

Paul Shane reported
"It seems that users printing with Lotus
1-2-3 V5  for windows (yes...the old version), running on Windows XP, cannot print with the hexblog patch installed.  As soon as the patch is uninstalled and the machine is rebooted, printing works."

 Finally JimC another SANS handler writing about Ilfak's patch states:
"Actually, I guess this one doesn't surprise me too much.  The "legitimate" use of the SETABORTFUNC Escape() call in gdi32.dll is for printing. We have heard of a couple of other widely scattered situations where some sort of printing function was disrupted by the unofficial patch.


206 Posts
Jan 5th 2006

Sign Up for Free or Log In to start participating in the conversation!