Attached Link: http://spywarewarrior.com/viewtopic.php?t=18793&highlight

Take a look at this. http://spywarewarrior.com/viewtopic.php?t=18793&highlight

Attached Link: http://www.hexblog.com/security/files/wmffix_hexblog14.exe

**Account for domain hexblog.com has been suspended** Very strange!!!!!! The vulnerability fix file download still works.

http://www.hexblog.com/security/files/wmffix_hexblog14.exe Forget the link, now it was also censored!!!! Message edited on: 01/03/2006 17:49

Stupidity also evolves!

Attached Link: http://www.hexblog.com

There's now a simple page of links to mirrors for the fix.

The same message on this link Account for domain hexblog.com has been suspended,

Stupidity also evolves!

You probably picking a cached page up from somewhere.
I just checked again and they've added several more mirrors.

Nope..cache is clear. Still get this.

This is what I get. They've added 3 more mirrors and an MSI installer since my first post.

Some ISPs cache heavily requested pages, or it's possible that they switched servers and the DNS changes haven't propagated sufficiently yet.

Attached Link: http://sunbeltblog.blogspot.com/2006/01/alternate-download-for-unofficial.html

Found one.. http://sunbeltblog.blogspot.com/2006/01/alternate-download-for-unofficial.html

I don't know what happened with hexblog and why the site was removed or censored.
For luck I've downloaded the files. I run the vulnerability check and it reported that my Windows is invulnerable.
I was looking at the source code and in theory even Windows 3.0 can be affected, but my Windows 95 and 98 do not and I can't explain why!
I found some little errors in the code, I don't know if are important or not, I suppose that the checker program was tested with success before they made it available for download.
I don't know why Win95 and 98 is invulnerable by the check, the possibilities are:

1. THe check program doesn't work.
2. The errors that I found don't make it work in 95/98, in XP are not important.
3. The check program makes functions calls that doesn't work in 95/98
4. The theoricaly wmf flaw was not implemented in Win95/98 and only in XP.

I don't have any Windows XP at home, I shall try with some friends.

---

I found this

"It is true, as F-Secure says, that all versions of Windows back to 3.0 have the vulnerability in GDI32. But most versions of Windows are not quite as vulnerable as they appear. Except for Windows XP and Windows Server 2003, no Windows versions, in their default configuration, have a default association for WMF files, and none of their Paint programs or any other standard programs installed with them can read WMF files. One ironic point to conclude is that not until their most recent operating system versions did Microsoft include a default handler - the Windows Picture and Fax Viewer - for what has been, for years, an obsolete file format. And now it comes back to bite them."

It is very probable that the escape function SetAbortProc is not recognized in WMF player in Windows 3.0 3.1 95 and 98, it makes no sense this function (is for printers!!) In Windows XP Microsoft has stupidly implemented with playing WMF files with the obvious consequence.

Message edited on: 01/04/2006 03:08

Stupidity also evolves!