In this section

• Home
• Support
• Knowledgebase
• Articles

Online support

• Knowledgebase
• Virus disinfection

Product maintenance

• Downloads and updates
• Documentation
• Software lifecycle

Contact support

• Talk to an expert
• Send a sample
• Email us

Support services

• Overview
• Technical Support
• Professional Services
• Technical Training

Advisory: Guarding against the WMF vulnerability

The Windows Metafile (WMF) vulnerability uses WMF images to execute arbitrary code without the prior consent of the user. This exploit can be triggered by simply viewing such an image in indexing software, or as a Windows Explorer thumbnail. It is not necessary to manually open the affected image for the code to run.

In all versions of Sophos Anti-Virus you should add the following extensions:

wmf
jpg
jpeg

A knowledgebase article gives instructions on adding extensions to Sophos Anti-Virus.

Note: Adding file types to the extensions list can affect system performance.

• Microsoft has described this remote code execution vulnerability in Microsoft Security Advisory 912840.
• Microsoft has released a patch, linked to from MS06-001.

There is no need to make changes to your PureMessage configuration, as all versions of PureMessage scan all files by default.

If you need more information or guidance, then please contact technical support.

• Article ID: 14248
• Created: 4 Jan 2006
• Last updated: 27 Jan 2006

Rate this article Choose a rating Very useful Quite useful Moderately useful Not very useful Not useful at all

•  Read our search tips
• Contact one of our experts
• Suggest an improvement