って書いた鼻から、SANSにだめかもって、情報が

WindowsXPはファイルをMagicBytesで判断するので、違う拡張子が現れる可能性があると・・・

Update 23:19 UTC: Not that we didn't have enough "good" news already, but if you are relying on perimeter filters to block files with WMF extension from reaching your browser, you might have a surprise waiting for you. Windows XP will detect and process a WMF file based on its content ("magic bytes") and not rely on the extension alone, which means that a WMF sailing in disguise with a different extension might still be able to get you.

Microsoft Windows メタファイル処理の脆弱性に関する注意喚起(JPCERT)

JVNTA05-362A Microsoft Windows の Windows メタファイルハンドラにバッファオーバフローの脆弱性

http://www.cyberpolice.go.jp/important/2005/20051229_180145.html

根本解決を急がなきゃ・・・（regserveもいいけど）

Working exploit code is widely available, and has also been published by FRSIRT and the Metasploit Framework.

(MSアドバイザリーの回避策に書かれてたのか）

Update 23:00 UTC: The vulnerability seems to be within SHIMGVW.DLL. Unregistering this DLL (type REGSVR32 /U SHIMGVW.DLL at the command prompt or in the "Start->Run" Window, then reboot) will resolve most of the vulnerability, but will also break your Windows "Picture and Fax Viewer", as well as any ability of programs like "Paint" and "Explorer" to display thumbnails of any picture and real (benign) WMF files.