WMF is a generic detection for malformed image files that attempt to exploit a critical vulnerability in the Graphics Rendering Engine on Windows 2003/XP/2000 computers. This vulnerability affects the library GDI32.DLL, which is used by the Windows Picture and Fax Viewer, Internet Explorer and Outlook, among other programs. If the target computer is vulnerable, WMF allows arbitrary code to be executed in it. The vulnerability can be exploited by creating a specially crafted WMF (Windows MetaFile) image and then distributing it using any means: for example, hosting it in a web page and enticing users into accessing it. However, if the original extension of a malicious WMF file is changed to the extension of other typical image formats (BMP, DIB, EMF, GIF, ICO, JFIF, JPE, JPEG, JPG, PNG, RLE, TIF or TIFF), the vulnerability is still exploitable. If your Panda solution detects WMF, it does not necessarily mean that your computer is vulnerable to WMF. It warns the user of the presence of a malicious image file attempting to exploit the vulnerability. If you have a Windows 2003/XP/2000 computer, it is recommendable to download and apply the security patch referred to the Graphics Rendering Engine vulnerability, which is included in the security bulletin MS06-001. Click here to access the web page for downloading the patch. |