IT News Online Staff - 2006-01-02
PandaLabs has detected a tool called WMFMaker being distributed across the Internet. The tool allows malicious WMF files to be generated from any other code, which allows malware to be dropped on users' systems. The generated file then exploits the critical vulnerability in the Windows Meta File process that has not yet been resolved. This vulnerability affects all Windows systems.
Panda Software said the WMF generation kit is designed to be used from the command line, by supplying the full path of the tool and of the executable file that will be run if the vulnerability is exploited. This generates a file with a .wmf extension, under a name that varies between "evil.wmf" and the name of the executable file included inside it.