We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Exploit:Win32/Wmfap
Detected by Microsoft Defender Antivirus
Aliases: No associated aliases
Summary
Exploit:Win32/Wmfap detects files that are potentially exploiting the WMF vulnerability described in Microsoft Security Advisory 912840. For details, see: http://www.microsoft.com/technet/security/advisory/912840.mspx
The detection is designed to detect unknown malicious WMF files only; all known exploits are detected with specific signatures. The Exploit:Win32/Wmfap detection validates the structure of a WMF file and looks for features associated with the malicious exploit.
Microsoft is not aware of any legitimate use of the mechanism that is being exploited. Therefore all the files reported by our products as suspicious are most likely malicious.
Microsoft provided a security update, described in Microsoft Security Bulletin MS06-001, on January 5, 2006 which addresses the WMF vulnerability. Apply the MS06-001 update to protect against exploit of the WMF vulnerability. To install this and other important updates, visit http://update.microsoft.com.
Follow us
