F-Secure: Be Sure

F-Secure Virus Information Pages : PFV-Exploit

THIS VIRUS IS RANKED AS LEVEL 2 ALERT UNDER F-SECURE RADAR.



Name: PFV-Exploit
Alias: WMF, Exploit.Win32.IMG-WMF, Exploit.Win32.Agent.r, Trojan-Downloader.Win32.Agent.acd
Category: Virus
Platform: Win32

Summary

W32/PFV-Exploit is a detection for files containing an exploit for a vulnerability in Windows WMF (Windows Metafile) handling. An attacker may exploit the vulnerability locally or remotely if the user is tricked into viewing a specially crafted WMF file.

Detailed Description

A new exploit for a vulnerability in Windows Metafile handling was found in the wild on December 28th, 2005. An attacker may exploit the vulnerability locally or remotely if the user is tricked into viewing a specially crafted WMF file. Possible attack scenarios are:

When the user visits a malicious web site containing a specially crafted WMF file
When the user views a malicious WMF file (locally or on a network share)
When the user opens an email containing a malicious WMF file

According to Microsoft, the following versions of Windows are affected by the flaw:

Windows 2000 SP4
Windows XP SP1
Windows XP SP2
Windows XP Professional x64
Windows Server 2003
Windows Server 2003 SP1
Windows Server 2003 Itanium
Windows Server 2003 Itanium SP1
Windows Server 2003 x64
Windows 98SE, ME

Please see the following links for more details:

http://www.kb.cert.org/vuls/id/181038
http://www.microsoft.com/technet/security/advisory/912840.mspx
http://www.f-secure.com/weblog/




Technical Details: Jarkko Turkulainen, December 29, 2005

Description Updated: Sami Rautiainen, January 13, 2006

F-Secure Corporation