Journaling on estrip is free and easy. get started today

Last Visit n/a |Start Date 2005-08-13 13:54:58 |Comments 3 |Entries 43 |Images 10 |Theme |

Category: windows

12/30/05 12:39 - ID#21541

Windows Security Flaw is "Severe"

Unlike with previously revealed vulnerabilities, computers can be infected simply by visiting one of the Web sites or viewing an infected image in an e-mail through the preview pane in older versions of Microsoft Outlook, even if users did not click on anything or open any files. Operating system versions ranging from the current Windows XP to Windows 98 are affected.

Source:

This flaw exploits the Windows Graphics Rendering Engine and is reported to affect Internet Explorer, Outlook, and Outlook Express, as well as Firefox and Opera.

editorial aside: Since it is has suggested by an e-peep or two that the "Lib" media can not be trusted, I'm certain that all you Windows users have nothing to worry about since the Washington Post is reporting this. ;-)

Another source of information about this flaw is that purveyor of "Trustworthy Computing" -- Microsoft.

Based on our investigation, this exploit code could allow an attacker to execute arbitrary code on the user's system by hosting a specially crafted Windows Metafile (WMF) image on a malicious Web site. Microsoft is aware that this vulnerability is being actively exploited.

Microsoft has determined that an attacker using this exploit would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site. In an e-mail based attack, customers would have to be persuaded to click on a link within a malicious e-mail or open an attachment that exploited the vulnerability. In both the web and email based attacks, the code would execute in the security context of the logged-on user.



A possible workaround has been reported a word of warning: improperly changing the .dll settings of a computer can cause serious problems.


* Click on Start > Run.
* Type:
regsvr32 /u shimgvw.dll
* Click OK
* Click OK again when the dialog appears.

Note that this can have an effect on the display of some thumbnails in Windows.



Addendum: to reregister (undo the workaround) the .dll use this command: regsvr32 shimgvw.dll
print addComment

Permalink: Windows_Security_Flaw_is_quot_Severe_quot_.html
Words: 386


Search

Chatter

New Site Wide Comments

joe said to joe
Never send a man to do a grandma's job...

sina said to sina
yes thank you!
Well, since 2018 I am living in France, I have finished my second master of science,...

paul said to sina
Nice to hear from you!! Hope everything is going great....

paul said to twisted
Hello from the east coast! It took me so long to see this, it might as well have arrived in a lette...