The newest pattern did it for me. I hope, avast not just added the heise.de demo exploit to their pattern but have a more common approach in detecting variants of this exploit. There seems to be virus gernerators out in the wild who allow almost anybody to inject harming code in wmf-files.
No, this detection is really a generic detection of the "exploit" itself - the previous detections (Win32:Exdown) were removed from the database.
This is indeed the answer to the question I asked in this thread when I started it 30.12.05. I asked for an official confirmation that the WMF exploit was covered by Avast!. As far as I can interpret this answer from another thread there was NO generic detection at the time I raised the question the first time.
Why not answer that?
Well, now the answer to my question is indeed YES and I am again a happy Avast! user.
HL
