Another workaround for WMF exploit
There are at least two other workarounds for the Windows Meta File (WMF) exploit that I’ve been looking into this afternoon. These from sunbelt blog.
First up…
2. Change file associations for WMF files.
An equally ugly fix (but perhaps preferable) is to do the following:
1. Go to My documents, Tools, Folder Options, File Types.
2. Change WMF Image to notepad and select always open with this.
Your WMF files will open in Notepad. Ugly, but it is a fix.
The other solution is….
3. Run IESPYAD.
IESpyad is a free tool that puts block lists into IE’s restricted sites zone. It’s managed by Eric Howes, who works as a consultant for Sunbelt. We regularly update him with the latest URLs. Click here.
(Note that Eric is currently out of town so I’m not sure it’s being updated as frequently.)
Of course, the first solution/workaround was to unregister the dll that reads WMF files… (among other images)… REGSVR32 /U SHIMGVW.DLL from the command line (or start…run…)