• Nearly live shoutbox

  Last Message 1 day, 21 hours ago

  2 guests are online.

  • Rossco.eu : Theres nothing wrong with .NET =P And your just jealous you aint got a Mac ( I have 3 XD )
  • Tarun : 394: AVG's bloated, has had recent resource leeching issues and the recent removal of user32.dll
  • Guest_2905 : with the abundance of portable apps out, is there any reason to still install the full versions?
  • Guest_394 : dont install AVG? Why?
  • Tarun : 4473: You don't want to install Yahoo or AVG.
  • Tarun : 580: Use Dial-a-fix to repair WU or reinstall it through Tools.
  • Guest_4473 : i cannot install yahoo messenger and avg
  • Guest_2088 : someone in SA suggest me to see you
  • Guest_580 : how can I repair windows update engine
  • DjLizard : Guest_2079: I have no idea what you're saying. Post a complete report at «link» in general tech support (NOT the Dial-a-fix forum)
  • Guest_2079 : Software Distribution 3.0 how do you remove it?
  • DjLizard : @Titotinton: The way this economy is going, I could definitely use any donation and it would be most appreciated. I have begun working on Dial-a-fix again and hope to be able to release a new version in the distant future.
  • Tarun : @Titotinton: Any amount you can spare DjLizard is always helpful. People who show appreciation by donating help keep developers interested and motivated. It shows an active interest in their product.
  • Tarun : @biff: 7 is going to be a lot like Vista, so DAF should be able to work with it without any major issues. But that's speculation right now.
  • Titotinton : tell us how much do u want us to contribute i will my best to help ya out
  • biff steelchin : But seriously, if Windows 7 is going to be significantly different (again), why bother woroking on a DAF release for Visturd rather than just moving forward to a W7 version?
  • biff steelchin : dammit i just lost =(
  • biff steelchin : Why am i still manually breathing?
  • Tarun : News on Dial-a-fix: DjLizard : If people donate I might work on Dial-a-fix .... !
  • luke : any word on Vista Dialafx yet gents?
  • Brad : How you doing mike? long time no see.
  • Guest_1839 : (oops) ...k on it.
  • Guest_1839 : Hello there, now that i found this site, i just need to say, this is one of the most useful tools i have it works EVERY time, you did GREAT wor
  • Digital404 : Hello there DjLizard i wanted to say nice work on the dial a fix program
  • Ness : hehehe... the phone girl. I wonder who that is???
  • The Phone Girl : We miss you Mr. Lizard!
  • DjLizard : If people donate I might work on Dial-a-fix .... !
  • DjLizard : Hello Ness! <3
  • Guest_1784 : why is memory so expensive at Best Buy compared to those links?
  • Guest_1784 : hi! Thanx for memory info
  • Ness : Hello

  Name: URL/Email: Message:
• Search for:

• Non-technical

  • ChrisEccleston.com
  • SteamyKitchen.com food blog

• Technical

  • BootZilla tech CD
  • Computer America
  • Digital Doctors
  • gur.in/j/ - PC help site
  • Lunarsoft.net
  • Simon’s PC Services
  • Symantec Sucks

• Categories

  Select Category Activism  (1) Apple  (1) Computer America  (6) Data recovery  (4) Delphi  (4) Dial-a-fix  (52) djlizard  (3) Fixes  (33) General  (49) Hack  (7) Hardware  (1) History  (1) Linux  (2) Mac  (1) Medical  (1) Microsoft  (10) Music  (4) Non-technical  (2) Ranting  (7) Security  (11) Software  (86) Stupid  (8) Technical  (50) Viruses  (5) Vista  (16) Windows 2000  (6) Windows Update  (2) XP  (10) Zealotry  (1)

• Archives

  Select Month November 2008  (1) October 2008  (2) August 2008  (2) July 2008  (1) June 2008  (2) December 2007  (4) October 2007  (18) September 2007  (3) August 2007  (7) July 2007  (1) June 2007  (2) May 2007  (3) April 2007  (3) March 2007  (3) February 2007  (6) January 2007  (2) December 2006  (2) November 2006  (6) October 2006  (12) September 2006  (8) August 2006  (4) July 2006  (1) June 2006  (16) May 2006  (5) April 2006  (4) March 2006  (9) February 2006  (7) January 2006  (8) December 2005  (7) November 2005  (14) October 2005  (1) September 2005  (5) August 2005  (10) July 2005  (14) June 2005  (15)

This has hit the wild, and although everyone's reported it already, there is a workaround and something to note about Dial-a-fix, so I figure I should let the users of my site know about it.

Basically, it is an exploit that affects WMF (Windows meta file — clipart) files via a bug in shimgvw.dll. This is kind of similar to the JPEG exploit from a while back.

More info: http://www.securityfocus.com/brief/89

To sort-of work around this, you can go to Start > Run > and type regsvr32 /u shimgvw.dll. Dial-a-fix *does* register this DLL via the Shell checkmark on the More... dialog, so if you use that section of Dial-a-fix and want to stay protected from WMF files until Microsoft issues a patch, you must regsvr32 /u shimgvw.dll again after using that section of Dial-a-fix. Note that there will be a loss in functionality in various sections of Windows, as shimgvw.dll does a lot of things for XP, not just thumbnails and Picture and Fax Viewer. Firefox is not directly affected, but if you open or save the WMF file when prompted, you will then be attacked (when shimgvw.dll creates a thumbnail of the WMF, or if you open it from Firefox).

BugTraq update:

If the exploit file is named with another graphics extension (i.e. .gif, .jpg, .png, .tif), the GDI library will still read it correctly as a WMF file and execute the exploit. As a result, all common graphics files can carry the exploit.

Comments