Hex Rays
Hex Rays Blog —  State of the art code analysis

WMF Vulnerability Checker

It seems that many users installed the hotfix for the WMF vulnerability on their machines.

The fix was first mentioned by F-Secure in their useful blog
http://www.f-secure.com/weblog
and its technical details were explained in precise detail by Steve Gibson (Thanks, Steve!)
http://www.grc.com/groups/securitynow:423
However, there is no safe way to tell if your system is vulnerable. Here is a small utility to address this problem. You can download it here.

When run, it displays this dialog box:

and then proceeds to testing.
If your system is vulnerable, you will see this dialog box:

and if your system is not vulnerable, another dialog box will be displayed:

Please note that when the second dialog box appears on the screen, it just means that this particular attack against your computer failed. There might be other attacks we are not aware of.
Do not use this check as a definite answer to the WMF vulnerability question. But if your system was vulnerable, it should be invulnerable after installing the hotfix and display the second dialog box. In other words you can use this checker as a means to verify that the hotfix is doing its job. One more word of caution: do not forget to reboot your computer after the installation. If you do not reboot it, the checker will tell you that the system is invulnerable while some system processes will still be.
I have tested the checker on XP SP2 and XP 64bit. If you try it on other machines, please let me know about the results.
Files: wmf_checker_hexblog.exe
wmf_checker_source.zip
UPDATE: New version which does not use a drop file. The checker is now small.

Go to top of page