WMF Exploit and IrfanView

You may have third-party software installed to view image files, including .wmf files, as well as some video and audio file formats. One freely available program used by many is IrfanView. I installed the latest version, version 3.98, which comes with an application called IrfanView Thumbnails that lets us view IrfanView’s supported file formats in a Windows Explorer-like interface. Out of curiosity, I tried viewing the malicious wmf files using that application. Surprisingly, the malicious code found in the wmf files was executed, and I got infected with malware downloaded by the wmf file.


Also, by default, wmf files are opened in IrfanView after the software is installed, and viewing a malicious wmf file in IrfanView will execute the malicious code found in the file.


Thus, as a word of caution, don’t open or view unsolicited wmf files. When using Internet Explorer, you may apply the temporary solution suggested in a previous blog post. Click here to access the said blog entry. Always update your pattern files. Pattern files can be downloaded from the links found at http://www.trendmicro.com/download/pattern.asp.


Another workaround, as suggested by Microsoft, is to un-register the Windows Picture and Fax Viewer (Shimgvw.dll), quoted below.


To un-register Shimgvw.dll, follow these steps:


1. Click Start, click Run, type “regsvr32 -u %windir%\system32\shimgvw.dll” (without the quotation marks), and then click OK.


2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.


Microsoft’s Advisory can be found here.
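
Because third-party viewers such as IrfanView also run the embedded code, an unsolicited .wmf file is better triaged without rendering it at all. The following is an added example, not code from this blog or from Microsoft: it walks the WMF record list and reports `META_ESCAPE` records that call `SETABORTPROC`, the record type publicly associated with this exploit. The function names and sample byte strings are constructed for illustration.

```python
import struct

PLACEABLE_MAGIC = 0x9AC6CDD7  # optional 22-byte Aldus placeable header
META_EOF = 0x0000             # record function: end of metafile
META_ESCAPE = 0x0626          # record function: Escape
SETABORTPROC = 0x0009         # escape function that registers a callback

def scan_wmf(data):
    """Return byte offsets of META_ESCAPE/SETABORTPROC records (never renders)."""
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC:
        off = 22
    if len(data) < off + 18:
        raise ValueError("too short for a WMF header")
    ftype, hdr_words = struct.unpack_from("<HH", data, off)
    if ftype not in (1, 2) or hdr_words != 9:
        raise ValueError("not a standard WMF header")
    off += 18
    hits = []
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        if size_words < 3 or func == META_EOF:
            break  # corrupt record size or end of metafile
        if func == META_ESCAPE and off + 8 <= len(data):
            (escape,) = struct.unpack_from("<H", data, off + 6)
            if escape == SETABORTPROC:
                hits.append(off)
        off += size_words * 2  # record size is counted in 16-bit words
    return hits

# --- constructed sample data (inert placeholder bytes, no payload) ---
def wmf_header():
    # type=1, header=9 words, version 0x0300, remaining fields zeroed
    return struct.pack("<HHHIHIH", 1, 9, 0x0300, 0, 0, 0, 0)

def wmf_record(func, params=b""):
    return struct.pack("<IH", (6 + len(params)) // 2, func) + params

EOF_RECORD = wmf_record(META_EOF)
BENIGN = wmf_header() + wmf_record(0x0103, struct.pack("<H", 8)) + EOF_RECORD
SUSPECT = (wmf_header()
           + wmf_record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 4) + b"\x00" * 4)
           + EOF_RECORD)

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, "-> suspicious record offsets:", scan_wmf(blob))
```

An empty result only means a well-formed walk of the records found no such record; it is not proof that a file is safe, and the file's contents rather than its extension should be scanned.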