Metafile is a code specifically written in order to exploit a critical vulnerability on Windows 2003/XP/2000 computers in the library GDI32.DLL, which is used by the Windows Picture and Fax Viewer, Internet Explorer and Outlook, among other programs. If the target computer is vulnerable, Metafile allows arbitrary code to be executed in it. The vulnerability can be exploited by creating a specially crafted WMF (Windows MetaFile) image and then distributing it using any means: for example, hosting it in a web page and enticing users into accessing it. Note: it has been reported that if the original extension of a malicious WMF file is changed to the extension of other typical image formats (BMP, DIB, EMF, GIF, ICO, JFIF, JPE, JPEG, JPG, PNG, RLE, TIF or TIFF), the vulnerability is still exploitable. There are evidences that point to this code being used in a malicious web page to download and run a copy of a spyware program. Panda Security detects this code as Metafile, thus warning users of its presence in the web pages accessed. If you have a Windows 2003/XP/2000 computer, it is recommendable to download and apply the security patch referred to the Graphics Rendering Engine vulnerability, which is included in the security bulletin MS06-001. for this vulnerability. Click here to access the web page for downloading the patch. |