Home > Threat descriptions >

Trojan:W32/PFV-Exploit

Classification

Category: Malware

Type: Trojan

Aliases: Trojan:W32/PFV-Exploit

Summary


Trojan:W32/PFV-Exploit is a detection for files containing an exploit for a vulnerability in Windows WMF (Windows Metafile) handling.

Removal


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details


The vulnerability may be exploited either locally or remotely, if an attacker can trick the user into viewing a specially crafted WMF file. Possible attack scenarios are:

  • When user visits malicious web site containing a specially crafted WMF file
  • When user views malicious WMF file (locally or network share)
  • When user opens email containing malicious WMF

A new exploit targeting this vulnerability was found in the wild in December 28th 2005.

More

According to Microsoft, the following versions of Windows are affected by the flaw:

  • Windows 2000 SP4
  • Windows XP SP1
  • Windows XP SP2
  • Windows XP Professional x64
  • Windows Server 2003
  • Windows Server 2003 SP1
  • Windows Server 2003 Itanium
  • Windows Server 2003 Itanium SP1
  • Windows Server 2003 x64
  • Windows 98SE, ME

Please see the following links for more details: