Following a disastrous month in which a huge hole was found in Windows and then the OS source code, leaked a "moderately critical" hole has been discovered in XP that could give system access, cause a denial of service and be used to increase access privileges.
The vulnerability is caused by boundary errors (possibly in "shimgvw.dll") when processing Enhanced Metafiles (ending in ".emf"), according to security site Secunia, which goes on to give Jellytop credit for the discovery.
As memory is allocated based on size information in the file's header, an overflow can be caused by specifying a size field smaller than the actual size of the file and header.
If someone is directed to a malicious file or navigates to a certain directory when the malicious file is displayed as a thumbnail, it can cause Explorer to crash and, it is reported, allow code to be run on the machine.
Windows Metafiles (.wmf) with malformed size can act as denial-of-service attacks by consuming 99 per cent of CPU resources, bringing a computer to a grinding halt.
Advice is not to view .emf files, unless from someone you trust, and not to display the contents of directories as thumbnails.
Anyone interested in finding out more should visit Secunia's site here.
Find your next job with techworld jobs