McAfee has released a notice that Exploit-WMF is resulting in a high
volume of spam. It is traveling as a mail message with the following
characteristics:
Subject: Happy New Year
Body: picture of 2006
Attachment: HappyNewYear.jpg (actually a WMF file with a .JPG extension)
More information about Exploit-WMF is available from McAfee at:
http://vil.nai.com/vil/content/v_137760.htm
This exploit takes advantage of the meta file vulnerability I mentioned a
few days ago which permits the execution of a malicious .wmf file on
Windows machines. More information is available at:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33721http://www.microsoft.com/technet/security/advisory/912840.mspx
Please take precaution, don't open attachments you weren't expecting, even
if they arrive from people you know.
Questions or problems? Please contact CIT Helpline at 656-2604 or
http://www.uvm.edu/cit/help .