信息来源：邪恶八进制信息安全团队（www.eviloctal.com）

Microsoft Security Bulletin MS06-001
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
Published: January 5, 2006

http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx




Microsoft Releases Security Update to Fix Vulnerability in Windows
Vulnerability in graphics rendering engine could allow remote code execution.

REDMOND, Wash. – Jan. 5, 2006 – On Tuesday, Jan. 3, 2006, Microsoft Corp. announced that it would release a security update to help protect customers from exploitations of a vulnerability in the Windows

WMF: patches and workarounds explained (NEW)

http://isc.sans.org/diary.php?storyid=1012

http://www.section66.com/handlers/WMF.ppt
http://www.section66.com/handlers/WMF.pdf


目前這个漏洞 Microsoft 的解法是 unregister shimgvw.dll，不过这个解法治標不治本，无法根本修補漏洞，而且还会造成部份软体异常。
http://www.microsoft.com/technet/security/advisory/912840.mspx

复制内容到剪贴板

代码:

regsvr32 -u %windir%\system32\shimgvw.dll

PS: Windows 图片和传真监视器(shimgvw.dll) [s:61]

复制内容到剪贴板

代码:

regsvr32.exe /u shimgvw.dll

禁止wmf执行  


先Kill掉SFC

用Uedit32打开gdi32.dll，查找 53 57 ff d0 85 c0
修改成33 c0 90 90 85 c0，重启即可

简中Windows 2003 SP1测试成功