Recently an exploit was found out in the wild by a researcher on the Bugtraq mailing list. It involves a specially crafted WMF (Windows Meta File), which, when parsed by Windows XP, causes Windows to execute program code. When it was found by the researcher on the internet, it was presented on a webpage that included a WMF image file in the HTML source code. The file in turn successfully installed a trojan onto a fully-patched Windows XP SP2 system.
Another researcher on the Bugtraq mailing list has discovered that because Windows recognizes files by parsing file headers, the malicious WMF file could be renamed with other image extensions (i.e. .jpg, .jpeg, .gif, .png, etc.) and Windows will still parse it as a WMF file. Thus, it is possible for a user with malicious intentions to post images to our forums (or to any website that displays user-submitted images) and cause damage to other forum users.
Therefore, we will temporarily convert all user-posted images on the forums to links until a patch is released by Microsoft. Since there will always be people who can't / won't update their machines for various reasons (laziness, warezed Windows install, they're on dialup, etc.), this temporary measure only helps to stop the initial wave of exploiters and give users a chance to be exposed to news of the problem and a chance to patch their system.
Up-to-date information can be found at the following links:
CenturionZ_1
HG Angel
AoEH Staff
'In heaven an angel is nobody in particular.' - George Bernard Shaw
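The post's point that Windows identifies a file by its header rather than its extension, as an added example that is not part of the original post: a server-side check a site accepting user-submitted images could run on upload. The WMF header values come from the published file format rather than from the post, and the function names and sample bytes are constructed for illustration.

```python
import struct

# Leading bytes of the formats the post lists as possible disguises.
MAGIC = {"jpeg": (b"\xff\xd8\xff",), "gif": (b"GIF87a", b"GIF89a"),
         "png": (b"\x89PNG\r\n\x1a\n",)}
EXT_TO_TYPE = {".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif", ".png": "png"}
PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"  # placeable-WMF key 0x9AC6CDD7, little-endian

# Constructed sample inputs (header bytes only, not real image files).
SAMPLE_WMF = struct.pack("<HHH", 1, 9, 0x0300) + b"\x00" * 12
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8


def is_wmf(data):
    """True if data starts with a placeable or standard WMF header."""
    if data.startswith(PLACEABLE_KEY):
        return True
    if len(data) < 6:
        return False
    # Standard header: type (1=memory, 2=disk), header size in words (9), version.
    file_type, header_words, version = struct.unpack_from("<HHH", data)
    return file_type in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)


def sniff(data):
    """Classify content by its leading bytes, ignoring any file name."""
    if is_wmf(data):
        return "wmf"
    for kind, prefixes in MAGIC.items():
        if data.startswith(prefixes):
            return kind
    return "unknown"


def check_upload(filename, data):
    """Return (accepted, detail). The header check cannot tell a benign
    metafile from a malicious one, so every metafile is rejected."""
    dot = filename.rfind(".")
    ext = filename[dot:].lower() if dot != -1 else ""
    actual = sniff(data)
    if actual == "wmf":
        return False, "content is a Windows metafile"
    if EXT_TO_TYPE.get(ext) != actual:
        return False, f"extension {ext or '(none)'} does not match content ({actual})"
    return True, actual


if __name__ == "__main__":
    print(check_upload("avatar.jpg", SAMPLE_WMF))
    print(check_upload("avatar.png", SAMPLE_PNG))
```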