BetaNews | ‘Really Bad’ Exploit Threatens Windows
A new exploit has been discovered in the wild that affects fully patched Windows XP SP2 systems, according to reports by security firms F-Secure and Sunbelt. The malicious code takes advantage of a vulnerability in the WMF graphics rendering engine to automatically download and install malware.WMF, or Windows Metafile, is a vector based image format used by Microsoft’s operating systems. SHIMGVW.DLL is loaded to render the images and contains a flaw that opens the door for a malformed WMF image to cause remote code execution and potentially allow for a full system compromise.
Internet explorer and Mozilla Firefox are suceptible and i was able to find the exploit code in about 5 minutes. I don’t know how to run it but for all the Script Kiddie’s out there hacking tools have already been updated for it. I sure hope a workaround or a fix comes out soon.