Malicious Software Encyclopedia: Exploit:Win32/Wmfap

Published: August 31, 2006

Exploit:Win32/Wmfap detects files that are potentially exploiting the WMF vulnerability described in Microsoft Security Advisory 912840. For details, see: http://www.microsoft.com/technet/security/advisory/912840.mspx
 
The detection is designed to detect unknown malicious WMF files only; all known exploits are detected with specific signatures. The Exploit:Win32/Wmfap detection validates the structure of a WMF file and looks for features associated with the malicious exploit.
 
Microsoft is not aware of any legitimate use of the mechanism that is being exploited. Therefore all the files reported by our products as suspicious are most likely malicious.
 
Microsoft provided a security update, described in Microsoft Security Bulletin MS06-001, on January 5, 2006, which addresses the WMF vulnerability. Apply the MS06-001 update to protect against exploitation of the WMF vulnerability. To install this and other important updates, visit http://update.microsoft.com.

Threat Overview

Class/type: Exploit - Generic
Discovered: October 7, 2008
Circulating: Yes
Affected operating systems: Windows 2000, Windows XP, Windows Server 2003, Windows ME, Windows 98
Affected software: Not specified
Infection rating: Medium
Recovery difficulty: Moderate
Damage rating: Medium
Transmission rating: Medium

Related Security Bulletins

The following Microsoft Security bulletins are related to this issue:

  • MS06-001 - Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)

Technical Analysis

How to Prevent Infection

Please refer to the security advisory to learn how to protect against exploitation of this vulnerability: http://www.microsoft.com/technet/security/advisory/912840.mspx

How to Tell If Your Computer Is Infected

There are no readily apparent indications that your computer is infected with Exploit:Win32/Wmfap.

Transmission Methods

Method: Exploits Vulnerability
Description: MS06-001 - Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)

© 2009 Microsoft Corporation. All rights reserved.