    Windows WMF security exploit

    I was just wondering if any special measures were being taken on the forum regarding this exploit that was discovered quite recently?
    I've heard that some forums have decided to disable all image posting until MS release a fix, as even a corrupted jpg can cause instant infection from any browser.

    There are a few articles below if you're interested:

    Patch Windows now. The Windows Metafile exploits are beginning to look like one of the worst-ever Windows malware epidemics. It is a true drive-by exploit - infection with a whole raft of...

    #2
    This board has some protection built into it for dodgy JPG images; try uploading a 'corrupt' one and see; php says it is invalid (I just so happen to have been looking at an image see, work related).

    The JPG thing was fixed looooong ago so if you're running something unpatched it's your problem. I didn't realise one could link wmf images and you could always turn off images in your options anyway. What's the question again?

      #3
      this isn't a JPG exploit - it's an exploit in WMF images that can execute arbitrary code using Windows' built-in picture & fax viewer.

      it's a nasty one - if you view a web page with an embedded malformed WMF file you're b0rked - full stop. no warnings, no nothing... unless you use firefox!

      concerned browsers should take their own preventative measures by disabling the picture & fax viewer (see suggested actions) until a fix is released.

        #4
        Sorry I wasn't clear, I know it's not a jpg exploit, but a wmf file can be renamed as a jpg (or avi or any filetype at all) and windows will automatically run the metadata and execute the code. So basically you don't even need to be viewing an embedded wmf at all, someone could post what appears to be a broken jpg image and even Firefox will then try and display it and then windows executes the code without a prompt. I've tried this using a safe version of the exploit (in jpg, gif and avi form) and my NOD32 anti-virus kicked in as soon as Firefox tried to render the page.

        My question was just whether you felt the site was ok (which you feel it is), given that a lot of images get posted here, there's a lot of potential for some serious abuse. As for patching it, this particular issue has no official patch from MS yet (it was only discovered a few days ago), it's not the same jpg issue as before.

          #5
          we'll have to make sure we don't get into any 30fps arguments, 360 vs kitchen sink, snes vs megadrive or whatever until this blows over, or a patch is released. the scary thing is that firefox is still a bit vulnerable, but you say your antivirus stopped it at least, so that's a start. it'd probably be wise for us to turn pics off for a bit in case our antivirus software isn't prepared, unless this is the sort of thing that the heuristics can intercept?

            #6
            insane, I feel for any windows users

              #7
              I think it got caught by my AV because it was a test file based off a known version of the exploit, it checks for updates every few hours. The problem is how many variants are out there or still being made? Every lowlife spyware writer will be all over this.

              There's an unofficial patch here that's been examined by the ISC, apparently the official one isn't due for another week (10/1). Apparently people with XP SP2 might get some benefit from enabling Data Execution Prevention for all programs (AMD64 processors support this in hardware).

                #8
                [ignore]
                Last edited by mattSix; 19-03-2006, 02:37.

                  #9
                  Even MS have said that disabling that dll will not guarantee protection. The fault lies with another dll (GDI32.DLL) which is too widely used on the system to be disabled, the picture and fax viewer dll (shimgvw.dll) was just one method of attack.

                  There's a PDF file here that has a flow chart explaining how it works.

                  Microsoft advised to unregister the shimgvw.dll in order to break the chain that leads to the vulnerable Escape() in GDI32.DLL

                  * This will work for all applications that follow this path, but nothing prevents direct calls to GDI32.DLL from being made by other applications
                  * Some applications (e.g. mozilla) rely on the functionality provided by shimgvw.dll to do things people use in daily life
                  * The library might be registered again by other software
                  Last edited by Edame; 05-01-2006, 14:25.
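
                  The two points above (post #4: a WMF renamed to .jpg is still handed to the metafile renderer; post #9: the dangerous path ends in the Escape() call in GDI32.DLL) suggest what a board's upload filter can actually check. The following is an added example, not code from this forum or from Microsoft: it identifies WMF content by its header bytes regardless of the file name, walks the metafile records, and flags any META_ESCAPE record whose sub-function is SETABORTPROC. Record layout and the constant values are taken from the public MS-WMF format; the function names (looks_like_wmf, iter_records, has_setabortproc, inspect_upload, build_wmf) and the sample files are mine, and the escape record in the test fixture carries only zero placeholder bytes, not a payload.

```python
import struct

# Values from the public MS-WMF format description.
PLACEABLE_KEY = 0x9AC6CDD7     # dword at offset 0 of a "placeable" WMF
META_ESCAPE = 0x0626           # record type that reaches GDI's Escape()
META_EOF = 0x0000
SETABORTPROC = 0x0009          # Escape() sub-function discussed in the thread
STANDARD_HEADER_LEN = 18       # 9 WORDs
PLACEABLE_HEADER_LEN = 22


def looks_like_wmf(data: bytes) -> bool:
    """Identify WMF content from the header bytes, ignoring the file name."""
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        return True
    if len(data) >= STANDARD_HEADER_LEN:
        file_type, header_size = struct.unpack_from("<HH", data, 0)
        return file_type in (1, 2) and header_size == 9
    return False


def iter_records(data: bytes):
    """Yield (function, params) for each metafile record after the header(s)."""
    offset = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        offset = PLACEABLE_HEADER_LEN
    offset += STANDARD_HEADER_LEN
    while offset + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, offset)
        if size_words < 3:          # a record cannot be shorter than its own header
            return
        end = offset + size_words * 2
        yield func, data[offset + 6:end]
        if func == META_EOF:
            return
        offset = end


def has_setabortproc(data: bytes) -> bool:
    """True if any META_ESCAPE record asks for the SETABORTPROC sub-function."""
    for func, params in iter_records(data):
        if func == META_ESCAPE and len(params) >= 2:
            if struct.unpack_from("<H", params, 0)[0] == SETABORTPROC:
                return True
    return False


def inspect_upload(filename: str, data: bytes) -> dict:
    """Hypothetical upload-filter verdict for an image board (assumed policy:
    metafiles are never needed, so any WMF is rejected whatever its name)."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    is_wmf = looks_like_wmf(data)
    return {
        "is_wmf": is_wmf,
        "extension_mismatch": is_wmf and ext != "wmf",
        "has_setabortproc": is_wmf and has_setabortproc(data),
        "verdict": "reject" if is_wmf else "accept",
    }


def build_wmf(records) -> bytes:
    """Constructed test fixture: standard WMF header + records + META_EOF."""
    body = b""
    max_words = 3
    for func, params in records + [(META_EOF, b"")]:
        assert len(params) % 2 == 0
        size_words = (6 + len(params)) // 2
        max_words = max(max_words, size_words)
        body += struct.pack("<IH", size_words, func) + params
    total_words = (STANDARD_HEADER_LEN + len(body)) // 2
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, total_words, 0, max_words, 0)
    return header + body


# Constructed samples: a JPEG start, a harmless WMF, and a WMF carrying a
# SETABORTPROC escape record with four zero placeholder bytes.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(20)
SAMPLE_BENIGN_WMF = build_wmf([(0x0201, struct.pack("<I", 0x00FFFFFF))])  # META_SETBKCOLOR
SAMPLE_RENAMED_WMF = build_wmf([(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 4) + bytes(4))])

if __name__ == "__main__":
    for name, blob in (("photo.jpg", SAMPLE_JPEG), ("chart.wmf", SAMPLE_BENIGN_WMF),
                       ("holiday.jpg", SAMPLE_RENAMED_WMF)):
        print(name, inspect_upload(name, blob))
```

The point of checking magic bytes rather than the extension is exactly the behaviour post #4 describes: the renderer decides what a file is from its contents, so a filter that trusts the ".jpg" suffix sees nothing. The record walk is a signature for the one known-bad construct, not a general WMF sanitiser; on a board that never needs metafiles, rejecting every WMF is the simpler rule and the record check just explains why a given file was refused.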

                    #10
                    it's scary using XP as a main computer OS nowadays

                      #11
                      Originally posted by Edame
                      Sorry I wasn't clear, I know it's not a jpg exploit, but a wmf file can be renamed as a jpg (or avi or any filetype at all) and windows will automatically run the metadata and execute the code. So basically you don't even need to be viewing an embedded wmf at all, someone could post what appears to be a broken jpg image and even Firefox will then try and display it and then windows executes the code without a prompt. I've tried this using a safe version of the exploit (in jpg, gif and avi form) and my NOD32 anti-virus kicked in as soon as Firefox tried to render the page.
                      That's not strictly true of Firefox. NOD picked up the file access and a preventative scan blocked the image but Firefox doesn't rely on GDI to render the WMF image as far as I'm aware so you're more than likely safe (not that it's a high risk virus at any rate, no more so than the previous JPG bug).

                      My question was just whether you felt the site was ok (which you feel it is), given that a lot of images get posted here, there's a lot of potential for some serious abuse. As for patching it, this particular issue has no official patch from MS yet (it was only discovered a few days ago), it's not the same jpg issue as before.
                      Yeah, the site is fine. Just the idiot users.

                      And using XP is dangerous? Never tried Linux, technically an OS at a far greater risk?

                        #12
                        MS have just released their patch early:

                          #13
                          Originally posted by Commander Marklar

                          And using XP is dangerous? Never tried Linux, technically an OS at a far greater risk?
                          risk?

                            #14
                            I've put the patch on, IE has been crashing ever since, nice one M$.......

                              #15
                              i still have the unofficial patch (whoops) and using firefox. no problems so far, and i haven't adjusted my browsing habits since hearing about the exploit.

                              i'll get the proper patch now...
