Explorer.exe WMF Parsing Causes a DoS

Microsoft Windows Metafile Format (WMF) files are used to store both vector and bitmap-format graphical data in memory or in disk files. The vector data stored in WMF files is described as Microsoft Windows Graphics Device Interface (GDI) commands. In the Window environment these commands are interpreted and played back on an output device using the Windows API PlayMetaFile() function. Bitmap data stored in a WMF file may be stored in the form of a Microsoft Device Dependent Bitmap (DDB), or Device Independent Bitmap (DIB).

Crafted .WMF file cause Explorer.exe to use 100% of CPU and can cause the system to hang until the Explorer.exe process is killed.

Vulnerable Systems:
 * Microsoft Windows XP SP1.  Other versions may be vulnerable as well.


Leave a Reply