MS05-053 Microsoft Windows Image Viewing Vulnerability
Two notes on the Windows vulnerability patched day before yesterday. There is a trojan in the wild exploiting it and Symantec’s AV definition to detect such an exploit is a bit too paranoid and flags lot’s of emf files as having an exploit for the same. The workaround is to disable emf files from virus scans.
Trendmicro apparently has discovered the trojan, TROJ_EMFSPLOIT.A which causes Explorer to crash. (From the vulnerability details I was expecting worse, but…. remember this will likely be refined as the days go on – we’re at 2 days since the announcement.)
It sounds like the Symantec false positive affects almost all EMF files, but most particularly those generated by Excel.