Trojan:W32/PFV-Exploit is a detection for files containing an exploit for a vulnerability in Windows WMF (Windows Metafile) handling.
Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.
More scanning & removal options
More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
The vulnerability may be exploited either locally or remotely, if an attacker can trick the user into viewing a specially crafted WMF file. Possible attack scenarios are:
- When the user visits a malicious web site containing a specially crafted WMF file
- When the user views a malicious WMF file (locally or on a network share)
- When the user opens an email containing a malicious WMF file
A new exploit targeting this vulnerability was found in the wild on December 28th, 2005.
According to Microsoft, the following versions of Windows are affected by the flaw:
- Windows 2000 SP4
- Windows XP SP1
- Windows XP SP2
- Windows XP Professional x64
- Windows Server 2003
- Windows Server 2003 SP1
- Windows Server 2003 Itanium
- Windows Server 2003 Itanium SP1
- Windows Server 2003 x64
- Windows 98SE, ME