....
No, this detection is really a generic detection of the "exploit" itself - the previous detections (Win32:Exdown) were removed from the database.
....
I like that statement
I mean, the author's name is probably not very well known to the common public, but I, personally, would certainly trust Ilfak Guilfanov more than all the sans.org's in the world.
Thanks to Igor for providing the information about how avast is detecting the exploit.
Regarding the patch provided by Ilfak, I have no problems running it with avast (web and on-access scanning) on my German XP Pro system. Even at work, with another virus scanner, the patch works flawlessly.
I think with the patch it is not different than with all the other software being installed and run in Windows. You never know if the next software package you install, programmed by no matter what company, serious or less serious, can break your system. I guess everybody has to decide for himself, what to install and whom to trust. I myself would and will not trust or rely on information provided only by MS.
Concerning what can be harmful and what not, I think there are numerous serious sites on the internet which cover this problem, unfortunately sometimes in a quite technical way, extensively.
As far as I know, a WMF file can be renamed to JPG, GIF, BMP, PNG etc. If you open such a file, Windows recognizes this file to be a WMF file due to header information within the file. The problem with that is that a WMF file (or a renamed WMF file) can be found almost everywhere, see
Hello forum folks,
I stumbled upon this story tonight, read it "cum grano salis",
but you will notice what old "spooks" are hunting us now. Ever heard of a bunch of developers known as the Microsoft "undead"?
Read this: http://www.radsoft.net/resources/rants/20051231,00.shtml
If only 5% is true it is frightening.
polonus
They are right concerning where and how WMF pictures can be hidden or used. And that's what is frightening me. Send somebody a Word document with an embedded WMF (or renamed) picture, send somebody an email with an infected picture, posting such a picture on blogs, web-sites, etc. you just name it.
There is even a rumour that there may be more vulnerabilities in the way WMF files are handled by Windows. As I say, so far it's just a rumour, let's see what will happen...
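
Added example, not part of any post in this thread: the point made above, that a WMF renamed to JPG, GIF, BMP or PNG is still recognized by its header, can be checked on the defender's side by classifying files by content instead of extension. The function names, the extension watch list and the sample byte strings below are assumptions constructed for illustration.

```python
import os
import struct

PLACEABLE_KEY = 0x9AC6CDD7   # magic of the optional 22-byte placeable header
IMAGE_EXTS = {".jpg", ".jpeg", ".gif", ".bmp", ".png"}   # assumed watch list

def placeable_checksum(data):
    """XOR of the first ten 16-bit words of a placeable header."""
    checksum = 0
    for word in struct.unpack_from("<10H", data, 0):
        checksum ^= word
    return checksum

def standard_header_ok(buf):
    """Validate type, header size and version of the 18-byte WMF header."""
    if len(buf) < 18:
        return False
    ftype, header_words, version = struct.unpack_from("<HHH", buf, 0)
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def is_wmf(data):
    """True if data begins with a well-formed WMF header, placeable or not."""
    if len(data) >= 22 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        if placeable_checksum(data) != struct.unpack_from("<H", data, 20)[0]:
            return False
        return standard_header_ok(data[22:])
    return standard_header_ok(data)

def disguised_wmf(name, data):
    """True if the content is WMF but the name claims another image type."""
    ext = os.path.splitext(name)[1].lower()
    return ext in IMAGE_EXTS and is_wmf(data)

# Constructed sample inputs (headers only, no drawing records).
STD_HEADER = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9, 0, 0, 0)
_pl = struct.pack("<IHhhhhHI", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0)
PLACEABLE = _pl + struct.pack("<H", placeable_checksum(_pl)) + STD_HEADER
JPEG_START = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16

if __name__ == "__main__":
    for name, data in [("photo.jpg", STD_HEADER), ("logo.png", PLACEABLE),
                       ("real.jpg", JPEG_START), ("chart.wmf", STD_HEADER)]:
        print(name, "disguised WMF" if disguised_wmf(name, data) else "ok")
```

The check only identifies the file type from its header; it says nothing about whether a given WMF is harmful.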