Any News if Opera is vulnerable to the Windows Metafile Worm?
Mike Monett
Does anyone know if Opera 8.51 is vulnerable to the new WMF worm released
last night?
Here is some info:
"wmf (windows media file) critical security threat, etc. etc.
Watch out for WMF's on bad web sites. On Firefox, you at least have to
click something for it to happen. On IE it infects automatically."
http://www.aota.net/forums/showthread.php?p=143053
New IM Worm Exploiting WMF Vulnerability
Posted by CmdrTaco on Sunday January 01, @12:50PM
from the happy-new-years-windows-users dept.
An anonymous reader writes "After less than a four days after original
mailing list posting there are reports about a new Instant Messaging worm
exploiting unpatched Windows Metafile vulnerability. This worm is using
MSN to spread, reports Viruslist.com."
http://slashdot.org/#main-articles
Please post any info here. Thanks.
Mike Monett
Mike Monett
> http://slashdot.org/#main-articles
This should be
http://it.slashdot.org/it/06/01/01/1550258.shtml
This link may drop off the current list in a day or so and the url may
change. But if this worm is as bad as everyone states, it will be all
over the news soon so there should be plenty of information on it.
Good Luck All,
Mike Monett
Rijk van Geijtenbeek
> To All,
>
> Does anyone know if Opera 8.51 is vulnerable to the new WMF worm released
> last night?
>
> Here is some info:
>
> "wmf (windows media file) critical security threat, etc. etc.
> Watch out for WMF's on bad web sites. On Firefox, you at least have to
> click something for it to happen. On IE it infects automatically."
Opera cannot display WMF files natively, so it is not vulnerable in
itself. With the default configuration Opera opens the download dialog for
such files. If you click 'Open' and the default handler is the 'MS Picture
and fax viewer', you can apparently be infected by malicious WMF files. So
treat WMF files with the same caution as EXE and BAT etc files, I'd say.
And don't change Opera's settings to directly open such files...
> http://www.aota.net/forums/showthread.php?p=143053
>
> New IM Worm Exploiting WMF Vulnerability
> Posted by CmdrTaco on Sunday January 01, @12:50PM
> from the happy-new-years-windows-users dept.
> An anonymous reader writes "After less than a four days after original
> mailing list posting there are reports about a new Instant Messaging worm
> exploiting unpatched Windows Metafile vulnerability. This worm is using
> MSN to spread, reports Viruslist.com."
>
> http://slashdot.org/#main-articles
>
> Please post any info here. Thanks.
>
> Mike Monett
--
Get Opera 8 now! Speed, Security and Simplicity.
http://my.opera.com/Rijk/affiliate/
Rijk van Geijtenbeek
Opera Software ASA, Documentation & QA
Tweak: http://my.opera.com/Rijk/blog/
Mike Monett
[...]
> Opera cannot display WMF files natively, so it is not vulnerable in
> itself. With the default configuration Opera opens the download dialog for
> such files. If you click 'Open' and the default handler is the 'MS Picture
> and fax viewer', you can apparently be infected by malicious WMF files. So
> treat WMF files with the same caution as EXE and BAT etc files, I'd say.
> And don't change Opera's settings to directly open such files...
>
> Rijk van Geijtenbeek
> Opera Software ASA, Documentation & QA
> Tweak: http://my.opera.com/Rijk/blog/
Whew! Thanks, Rijk. That is very much appreciated.
Mike Monett
Mark V
> To All,
>
> Does anyone know if Opera 8.51 is vulnerable to the new WMF worm
> released last night?
[ ]
There is an WMF exploit that is within the Windows operating
systems (98->W2K3). Any reference to "new WMF worm" or similar is
speaking to a payload of malware that Windows may run if the
exploit is successful. This is very serious vulnerability in
Windows that you should not ignore.
Any graphics rendering process on Windows _may_ be problematic, so
Opera is part of an entire class of programs that may allow an WMF
exploit to succeed on un-patched systems. The exploit files
involved may be named anything, but especially ordinary graphics
formats and not just .wmf
Otherwise, the scope and topic of this vulnerability falls outside
the purpose of Opera's groups.
They key is to address (patch) the vulnerability in Windows GDI.
Microsoft has not yet done so but offers this (weak) Security
Advisory
http://www.microsoft.com/technet/security/advisory/912840.mspx
I suggest you visit here,
http://www.grc.com/sn/notes-020.htm
And if you run an NT5x Windows opsys, I strongly suggest the
WNFfix unofficial patch (a low level temporary mitigation)
http://www.hexblog.com/2005/12/wmf_vuln.html
(not available for W98, W98SE and WinME at this time)
Also
http://isc.sans.org/diary.php
(And the previous 4 days)
And
http://www.f-secure.com/weblog/
(since the 28th)
--
(Opera Win32 8.51 7712 (registered); W2K, SP4; ADSL; Sun JRE 1.4.2_
08) [ and Opera 9.x P1-8031 ]
George Orwell
> To All,
>
> Does anyone know if Opera 8.51 is vulnerable to the new WMF worm released
> last night?
No web browser is vulnerable. :)
The problem is with Windows, not any specific piece of software. The only
way a piece of third party software could have any effect at all is if it
used internal graphics display methods and more or less "bypassed" this
bug.
> "wmf (windows media file) critical security threat, etc. etc. Watch out
> for WMF's on bad web sites. On Firefox, you at least have to click
> something for it to happen. On IE it infects automatically."
This isn't necessarily true because most browsers can be configured to
open files automatically. FF and Opera might default to asking, but after
a few mouse clicks I'd say they would be every bit as able to pass problem
files to Windows unabated.
Ivan Magerle
> User-Agent: Opera Mail(BETA2)/9.00 (Win32)
Slurp! ;) I want that! ;)
--
This fire is out of control, I'm going to burn this city, burn this city...
Haavard Kvam Moen
<nob...@mixmaster.it> wrote:
...
> > "wmf (windows media file) critical security threat, etc. etc. Watch out
> > for WMF's on bad web sites. On Firefox, you at least have to click
> > something for it to happen. On IE it infects automatically."
>
> This isn't necessarily true because most browsers can be configured to
> open files automatically. FF and Opera might default to asking, but after
> a few mouse clicks I'd say they would be every bit as able to pass problem
> files to Windows unabated.
The statement is definitely true. That Opera and Firefox could
probably be configured to behave differently doesn't negate the fact
that the default behaviour - the one people who don't know their way
around browsers will experience - is dangerous in IE, but not in Opera
and Firefox.
*
Much worse than IE. Opera is a piece of shit. Avoid at all costs !
------
Ted S.
in news:op.s2qvc3b050h25km4gi@ivan-kanta:
> On Sun, 01 Jan 2006 21:51:37 +0100, Rijk van Geijtenbeek wrote:
>
>> User-Agent: Opera Mail(BETA2)/9.00 (Win32)
>
> Slurp! ;) I want that! ;)
Isn't 9.0 a beta available for download? ;-)
--
Ted <fedya at bestweb dot net>
Oh Marge, anyone can miss Canada, all tucked away down there....
--Homer Simpson
Ken Knox
> Somebody claiming to be "Ivan Magerle" <ma...@email.t-com.hr.invalid>
> wrote
> in news:op.s2qvc3b050h25km4gi@ivan-kanta:
>
>> On Sun, 01 Jan 2006 21:51:37 +0100, Rijk van Geijtenbeek wrote:
>>
>>> User-Agent: Opera Mail(BETA2)/9.00 (Win32)
>>
>> Slurp! ;) I want that! ;)
>
> Isn't 9.0 a beta available for download? ;-)
>
Yep, but it's beta 1, not beta 2! :-)
--
Ken
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
Bob
Reportedly, even that does not fix the problem, because it has to do
with the way Windows handles images. At some point, it is not the
browser's issue; it is Windows' issue.
Any virii using the bug yet?
Bob
No way. This bug is dangerous in any browser. I recommend all Windows
NT-series users go to
http://www.hexblog.com/2005/12/wmf_vuln.html
immediately and d/l and install the patch. Until MS comes up with
something better. Read up on this bug. There are no safe Windows
browsers with this bug.
Mark V
You may want to research the core vulnerability a bit more Haavard.
I don't intend to negate any of Opera's well noted security, but
this exploitable vulnerability is deep withing the Windows platform
and should be addressed there.
PS Microsoft has a "goal" of issuing patches for this on January
10th for supported versions of Windows.
Brixomatic
> Opera is vulnerable to EVERY and ALL viruses, worms, and trojans.
> Much worse than IE. Opera is a piece of shit. Avoid at all costs !
Boring flame attempt.
I've seen trolls who are much more creative.
-Wanja-
ps: *PLONK*
--
"Gewisse Schriftsteller sagen von ihren Werken immer: 'Mein Buch, mein
Kommentar, meine Geschichte'. [..] Es wäre besser, wenn sie sagten:
'unser Buch, unser Kommentar, unsere Geschichte'; wenn man bedenkt, dass
das Gute darin mehr von anderen ist als von ihnen." [Blaise Pascal]
rja.ca...@excite.com
Rijk van Geijtenbeek wrote:
> On Mon, 02 Jan 2006 00:15:02 +0100, Mike Monett wrote:
>
> > To All,
> >
> > Does anyone know if Opera 8.51 is vulnerable to the new WMF worm released
> > last night?
> >
> > Here is some info:
> >
> > "wmf (windows media file) critical security threat, etc. etc.
> > Watch out for WMF's on bad web sites. On Firefox, you at least have to
> > click something for it to happen. On IE it infects automatically."
>
> Opera cannot display WMF files natively, so it is not vulnerable in
> itself. With the default configuration Opera opens the download dialog for
> such files. If you click 'Open' and the default handler is the 'MS Picture
> and fax viewer', you can apparently be infected by malicious WMF files. So
> treat WMF files with the same caution as EXE and BAT etc files, I'd say.
> And don't change Opera's settings to directly open such files...
AIUI this applies to any labelled file type handed to MS Picture
viewer, if the file is internally WMF but not labelled so - for
instance, pseudo-JPEG which are really malicious pseudo-WMF have been
described. But specifically JPEG is done by Opera itself and not by
Windows, yes? But other formats.......
WMF also can be embedded inside Windows documents, including Word
obviously.
Running Linux for a week seems like a good idea... or unplugging the
Internet.
http://computerworld.co.nz/news.nsf/news/B4714903757E6CBECC2570EB001286D4
mentions the JPEG angle but I'm not sure where they got it from.
Rijk van Geijtenbeek
> Rijk van Geijtenbeek wrote:
[..]
>> So
>> treat WMF files with the same caution as EXE and BAT etc files, I'd say.
>> And don't change Opera's settings to directly open such files...
>
> AIUI this applies to any labelled file type handed to MS Picture
> viewer, if the file is internally WMF but not labelled so - for
> instance, pseudo-JPEG which are really malicious pseudo-WMF have been
> described. But specifically JPEG is done by Opera itself and not by
> Windows, yes? But other formats.......
Yes, you are right. Anything labeled as a graphics format, which you hand
off to 'Microsoft Picture and Fax Viewer', can cause problems.
Now what I really want to know: is Irfanview using Windows libraries that
make it vulnerable as well?
Bob
> On Wed, 04 Jan 2006 03:05:49 +0100, rja.ca...@excite.com wrote:
>> Rijk van Geijtenbeek wrote:
>
> [..]
>
>>> So
>>> treat WMF files with the same caution as EXE and BAT etc files, I'd say.
>>> And don't change Opera's settings to directly open such files...
>>
>> AIUI this applies to any labelled file type handed to MS Picture
>> viewer, if the file is internally WMF but not labelled so - for
>> instance, pseudo-JPEG which are really malicious pseudo-WMF have been
>> described. But specifically JPEG is done by Opera itself and not by
>> Windows, yes? But other formats.......
>
> Yes, you are right. Anything labeled as a graphics format, which you
> hand off to 'Microsoft Picture and Fax Viewer', can cause problems.
> Now what I really want to know: is Irfanview using Windows libraries
> that make it vulnerable as well?
Apparently so...
Roger Johansson
Ken Knox wrote:
> >> Slurp! ;) I want that! ;)
> > Isn't 9.0 a beta available for download? ;-)
> Yep, but it's beta 1, not beta 2! :-)
It is not so easy to find the beta version. You have to go into the
forums on opera.com, find the beta forum and the link to the beta
version is to be found in a message.
Anyhow, here is the current beta version:
http://snapshot.opera.com/windows/w90p1.html
--
Roger J.