A working WMF exploit download generator was published to the public. The exploit code was posted in FrSIRT and it can also be found in www.milworm.com. To our valued customers, we are confident that Trend’s EXPL_WMF.GEN pattern can detect each generated malicious WMF file. If by chance you got a hold of an undetected malicious WMF file, feel free to give us sample so that a pattern can be created or improved EXPL_WMF.GEN pattern will be done to detect the malicious file.
Moreover, this WMF generator can be used by “script kiddies”, and its impact to unpatched machines can be very destructive (depending on the payload intended by the attacker). It is recommended that unpatched machines from MS06-001 should apply the security fix available at Microsoft to avoid attacks exploiting this vulnerability. Trend Micro customer’s are also advised to update their patterns files regularly to have added protection and resistance that you need.
