A side note on the use of WMF filetype (also see Howard Kaplan post above):

While the .wmf image file type can generally still be used in recent Windows versions, it's use has been minimal, and Win2K and WinXP, and compatible programs, don't use it much. It has been usable, but "deprecated" as a preferred file type of recent Windows OS and applications.

A vulnerability has been found that allows a malicious specially crafted .wmf file to be used to remotely take over control of a computer. The malicious .wmf file can be downloaded directly, or can be embedded in another file such as a Word document. Such malicious .wmf files have been found in circulation and an unknown number of successful exploits have been reported.

The exploit requires both the presence of a maliciously created .wmf file, and a vulnerability in the image rendering program used by the OS. The security patches to correct the rendering program vulnerability are listed as Critical Updates for WinXP, Win2K, and some Windows Server versions.

The vulnerability appears to be present for Win95/Win98, but there is no patch, and it's listed as "not Critical" for these and older Windows systems. It is possible that machines running the older Win versions are considered "not capable of useful exploit" or that the installed base of machines using these older systems is considered "too small to be of interest" (like Macs ;-) to those likely to use the exploit method.

The Microsoft Security Bulletin describing all this is at Microsoft Security Bulletin MS06-001 (05 Jan 2006). Users of the main affected Windows version who get automatic updates should already be "patched." Other affected users should probably get patched.

Those who object to believing anything Microsoft puts out can look at SANSFire for a typical "unbiased(?)" – and a little less terse – description.

I have not seen any reports of non-Windows users being affected, but the presence of "Windows emulators" could present some risk that the vulnerability exists in some other systems. The greater danger, perhaps, is that a user of another system could pass on "infected" .wmf files to others, probably without ever knowing it happened.

Users of .wmf files may also encounter others who have simply "unregistered" .wmf files, making them less useful, since this is an action recommended in "hotfixes" for people who might have trouble installing the more general updates, and according to the SANSFire site was probably used by a number of people before the Microsoft patches were released.

Note that most rendering engines do NOT use the filetype from the file extension to identify how to render it. They rely on descriptors internal to the file, so a .wmf filetype can have any file extension in the filename, and still be detected as being a wmf filetype and when opened can trigger the exploit on affected machines.

This is not a "Major Panic" issue, but anyone using wmf filetypes should be aware of the possibility of a few glitches, even if not using the "affected" programs.

Now back to music.

John