Windows WMF Metafile Vulnerability HotFix

Blackboost · Jan 2, 2006, 01:21 PM

This week a new vulnerability was found in Windows:

http://www.microsoft.com/technet/sec...ry/912840.mspx

Browsing the web was not safe anymore, regardless of the browser. Microsoft will certainly come up with a thouroughly tested fix for it in the future, but meanwhile I developed a temporary fix - I badly needed it.

The fix does not remove any functionality from the system, all pictures will continue to be visible. You can download it here:

http://www.hexblog.com/security/file..._hexblog13.exe

It should work for Windows 2000, XP 32-bit, XP 64-bit, and Windows Server 2003.

Technical details: this is a DLL which gets injected to all processes loading user32.dll.
It patches the Escape() function in gdi32.dll. The result of the patch is that the SETABORT escape sequence is not accepted anymore.
______________
More Info/Source: http://www.hexblog.com/2005/12/wmf_vuln.html#more

Iria · Jan 2, 2006, 04:16 PM

Thank you for the submission. This has already been posted on the front page. Please continue discussion here.

Thread closed.

Jan 2, 2006, 01:21 PM	#1
Blackboost -=[DHzer0point Author]=- Join Date: Sep 2004 Posts: 0 Rep Power: 0	Windows WMF Metafile Vulnerability HotFix This week a new vulnerability was found in Windows: http://www.microsoft.com/technet/sec...ry/912840.mspx Browsing the web was not safe anymore, regardless of the browser. Microsoft will certainly come up with a thouroughly tested fix for it in the future, but meanwhile I developed a temporary fix - I badly needed it. The fix does not remove any functionality from the system, all pictures will continue to be visible. You can download it here: http://www.hexblog.com/security/file..._hexblog13.exe It should work for Windows 2000, XP 32-bit, XP 64-bit, and Windows Server 2003. Technical details: this is a DLL which gets injected to all processes loading user32.dll. It patches the Escape() function in gdi32.dll. The result of the patch is that the SETABORT escape sequence is not accepted anymore. ______________ More Info/Source: http://www.hexblog.com/2005/12/wmf_vuln.html#more

Jan 2, 2006, 04:16 PM	#2
Iria DriverHeaven Extreme Member Join Date: Apr 2004 Posts: 7,275 Rep Power: 89	Thank you for the submission. This has already been posted on the front page. Please continue discussion here. Thread closed.