Spotlightingnews

Symantec Warns About New Windows Metafile Vulnerabilities

Microsoft’s patch doesn’t seem to have solved all the issues around the WMF bugs

Soon after Microsoft released an early patch for the Windows Metafile (WMF) image processing flaw, a security company warned about multiple memory corruption vulnerabilities in the patched version.

According to Symantec, an attacker could use these problems to carry out denial-of-service (DoS) attacks, or even execute arbitrary code, which usually means complete control of a users' computer.

These bugs might be introduced with the patch issued by Microsoft on Thursday, but apparently, they exploit different functions in the WMF rendering engine.

"Reports indicate that these issues lead to a denial-of-service condition, however, it is conjectured that arbitrary code execution is possible as well," Symantec said.

Everyone that opens an email which contains an attached malicious image, or visits a website that has such images can be attacked through this vulnerability, just as they could before the patch.

According to Symantec, viewing a malicious file in Windows Explorer might automatically trigger the issues. Any gif, jpg, png or tif file can carry malicious code to perform denial of service or run arbitrary code.

Symantec advised Internet users to disable the Windows Picture and Fax Viewer application, just as it did for the original vulnerability.