Be careful, because if anyone who still has an unprotected system thinks somehow this can save them, it is just as easy to create a payload to re-register, so it might be better if people use safe test files like this instead of thinking it's not possible to re-register this .dll via the same method:

Originally posted here by Irongeek
I used H D Moore's "Windows XP/2003/Vista Metafile Escape() SetAbortProc Code Execution" revision 1.12 Metasploit module to create a WMF file that automatically runs "regsvr32 -u shimgvw.dll" to counter the exploit. Clicking the link may run code on your computer or crash your browser if you are using IE so click with caution:
http://www.irongeek.com/i.php?page=security/counterwmf
More of a fun experiment than anything.
Current Test Files Located Here:
http://www.antionline.com/showthread...hreadid=273053



