Malicious WMF files stored in Opera’s cache can infect Windows – Opera Security Advisories

Summary

Windows Meta Files (.wmf) can contain executable code. A specially crafted WMF file can infect Microsoft Windows with malicious software when it is opened with Windows’ own WMF parser. Opera itself is not affected, but if vulnerable programs open WMF files in Opera’s cache, they can be infected.

Severity: High

Problem description

WMF files stored in Opera’s cache can be read by other programs, in some cases without user interaction. Programs like Google Desktop, which continuously index the user’s files, will pass the files in the cache to Windows, which is vulnerable to malicious WMF files.

Windows recognizes WMF files as such even when they do not have the .wmf extension, so filtering out files with the .wmf extension will not eliminate the problem. There are exploits in circulation that mask the malicious code with large chunks of padding, which makes any effective scanning very resource intensive. Thus, even fully updated filtering firewalls and anti-virus software can fail to provide adequate protection.
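Because the extension says nothing reliable about the content, a cache audit has to look at the leading bytes of each file. The sketch below is an added example, not part of Opera's advisory or any vendor tool: it flags files whose header parses as WMF regardless of name. The file names and contents are constructed samples, and the check only identifies the file type; it does not judge whether a file is malicious.

```python
import os
import struct
import tempfile

PLACEABLE_KEY = 0x9AC6CDD7  # key that opens the optional 22-byte placeable header
PLACEABLE_LEN, HEADER_LEN = 22, 18

def looks_like_wmf(data: bytes) -> bool:
    """True if data begins with a plausible WMF header, whatever the file is named."""
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        data = data[PLACEABLE_LEN:]  # the standard header follows the placeable one
    if len(data) < HEADER_LEN:
        return False
    ftype, header_words, version = struct.unpack_from("<HHH", data)
    members = struct.unpack_from("<H", data, 16)[0]  # unused field, expected to be 0
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300) and members == 0

def scan_dir(root: str) -> list:
    """Return paths under root whose leading bytes parse as a WMF header."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(PLACEABLE_LEN + HEADER_LEN)
            except OSError:
                continue  # locked or unreadable file: skip it
            if looks_like_wmf(head):
                hits.append(path)
    return sorted(hits)

def demo() -> list:
    """Scan a temporary directory of constructed files; return the flagged names."""
    std = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0) + struct.pack("<IH", 3, 0)
    placeable = struct.pack("<IH4hHIH", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0, 0)
    samples = {
        "cache_0001.tmp": std,              # WMF without a .wmf extension
        "cache_0002.jpg": placeable + std,  # placeable WMF named like a JPEG
        "cache_0003.wmf": b"plain text, not a metafile at all",
        "cache_0004.gif": b"GIF89a" + bytes(40),
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return [os.path.basename(p) for p in scan_dir(root)]

if __name__ == "__main__":
    print(demo())
```

The file named `.wmf` is not flagged and the two files with other extensions are, which is the mismatch an extension filter cannot see.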

Opera’s response

This is a vulnerability in Microsoft Windows, and an update from Microsoft, Microsoft Security Bulletin MS06-001, is already available. Opera recommends that Windows users install the update, either manually or through Windows Update.