Virus:EXP/MS06-001.WMF
Type:Exploit
In the wild:Yes
Reported Infections:Medium
Distribution Potential:Low
Damage Potential:Medium
Static file:No
Engine version:6.33.00.74

 General Aliases:

Non working variants may be identified as:
   •  EXP/MS06-001.WMF.Intended

It was previously detected as:
   •  EXP/IMG.WMF

 Special detection MS06-001 (Vulnerability in Graphics Rendering Engine)

Description:
EXP/IMG.WMF is a generic detection for exploits using a vulnerability in the Microsoft Windows Graphics Rendering Engine.

Modified WMF files that make use of this vulnerability can activate payload code without execution of the file itself. This may happen while marking a file in Windows Explorer or surfing to a malicious website using Microsoft Internet Explorer.

Note that we received many files that make use of this vulnerability. Some of them were available even before the official patch was available which gained it the "0-day exploit" name.

Please make sure that you download and install the patch in order to be protected against this threat. The patch itself among further technical information can be found here: MS06-001


Version history:
The following engine updates were released in order to enhance detection:

   •  6.33.0.74   ( 03/01/2006 )
   •  6.33.0.75   ( 05/01/2006 )
   •  6.33.0.77   ( 10/01/2006 )
   •  7.06.00.78   ( 28/03/2008 )

Description inserted by Oliver Auerbach on Sunday, January 8, 2006
Description updated by Andrei Ivanes on Friday, March 28, 2008

Back . . . .