Author Topic: wmf exploit protection?  (Read 4451 times)

0 Members and 1 Guest are viewing this topic.

lightinf

  • Guest
wmf exploit protection?
« on: December 31, 2005, 07:26:30 PM »
Does Avast! protect against the Windows WMF exploit?

see the Microsoft link below for details:

http://www.microsoft.com/technet/security/advisory/912840.mspx

see Steve Gibson's Security Now show notes for details:

http://www.grc.com/sn/notes-020.htm

Regards,

Mike

lightinf

  • Guest
Re: wmf exploit protection?
« Reply #1 on: December 31, 2005, 07:34:47 PM »
Please disregard.

I found the good info in another forum.

Sorry for the inconvenience.

Regards,

Mike

Offline TedNelly

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1538
  • Trust No-One!
Re: wmf exploit protection?
« Reply #2 on: January 01, 2006, 07:49:48 AM »
Please disregard.

I found the good info in another forum.

Sorry for the inconvenience.


Is it a secret!! ;D I mean the other forum ;)
Windows 10 Pro | Intel I7 CPU | 16 Gig 2133 RAM | Avast beta 17.5.2295 | Firefox 54 b9(64-bit) | Cyberfox 52.1 | T-Bird 52.1.1 | SpyWareBlaster 5.5 | MalwareBytes 3.0.0.865 | WinPatrol 35.5.2 | GlassWire 1.2.100 | Cybereason Ransomfree 2.2.7 |  Pulla-dePlug Final!

Thorny

  • Guest
Re: wmf exploit protection?
« Reply #3 on: January 01, 2006, 01:17:33 PM »
I don't know the answer about whether Avast can protect against wmf exploit, but there is an interesting thread on Wilder's Security Forum about how Kerio Firewall users (Free & Paid versions) can protect themselves using a snort rule http://www.wilderssecurity.com/showthread.php?t=113359

GYL

  • Guest
Re: wmf exploit protection?
« Reply #4 on: January 01, 2006, 03:02:59 PM »
 :D read here please!http://www.wilderssecurity.com/showthread.php?t=113538

lightinf

  • Guest
Re: wmf exploit protection?
« Reply #5 on: January 01, 2006, 04:23:52 PM »
No secret - I saw the discussion in the avast! Viruses & Worms forum.

BTW, Steve Gibson has posted a link to what he believes is a patch that can be used until Microsoft gets their act togeter.

Check out the top section of http://www.grc.com/sn/notes-020.htm


Cheers

and Happy New Year :D

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: wmf exploit protection?
« Reply #6 on: January 01, 2006, 04:36:46 PM »
Better still a forum search for WMF Exploit should return the info you seek as it has been discussed in a couple of threads. This being just one of them http://forum.avast.com/index.php?topic=18295.0

So Yes avast covers current exploit variants.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

lightinf

  • Guest
Re: wmf exploit protection?
« Reply #7 on: January 01, 2006, 05:04:56 PM »
Exactly the thread I was referring to.

I also learned about URL blocking using the Web Shield, too!

So, it was "all good"

Cheers.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: wmf exploit protection?
« Reply #8 on: January 01, 2006, 05:15:51 PM »
Just pinched this from another website.  Good on Ya Avast
Quote
Days after the revelation of a flaw in Windows' handling of WMF graphics files, dozens of exploits are being spread from thousands of adware sites. But good protection is available.

At the same time, further testing confirms that a workaround issued by third parties and endorsed by Microsoft Corp. is effective in most regards, and in the most important circumstances, but not in all. Also, the workaround has side effects that could prove troublesome.

AV-Test, which tests anti-malware products, has been tracking the situation closely and has, so far, analyzed 73 variants of malicious WMF files. Products from the following companies have identified all 73:

* Alwil Software (Avast)
* Softwin (BitDefender)
* ClamAV
* F-Secure Inc.
* Fortinet Inc.
* McAfee Inc.
* ESET (Nod32)
* Panda Software
* Sophos Plc
* Symantec Corp.
* Trend Micro Inc.
* VirusBuster

These products detected fewer variants:

* 62 — eTrust-VET
* 62 — QuickHeal
* 61 — AntiVir
* 61 — Dr Web
* 61 — Kaspersky
* 60 — AVG
* 19 — Command
* 19 — F-Prot
* 11 — Ewido
* 7 — eSafe
* 7 — eTrust-INO
* 6 — Ikarus
* 6 — VBA32
* 0 — Norman