Trojan-Downloader.Win32.Agent.acd is a Windows Metafile (WMF) file which exploits a vulnerability allowing the download and execution of an EXE file from a remote URL.
There's a new zero-day vulnerability related to Windows' image rendering - namely WMF files (Windows Metafiles). Trojan downloaders, available from unionseek.com, have been actively exploiting this vulnerability.
Right now, fully patched Windows XP SP2 machines are vulnerable, with no known patch.
The exploit is currently being used to distribute the following threats:
Trojan-Downloader.Win32.Agent.abs
Trojan-Dropper.Win32.Small.zp
Trojan.Win32.Small.ga
Trojan.Win32.Small.ev
Note that you can get infected if you visit a web site that has an image file containing the exploit. Internet Explorer users might automatically get infected. Firefox users can get infected if they decide to run or download the image file.
Microsoft has released a patch (KB912919) that fixes the WMF vulnerability.
Security Update for Windows XP (KB912919)
Date last published: 1/5/2006
Typical download size: 196 KB
A remote code execution vulnerability exists in the Graphics Rendering Engine because of the way that it handles Windows Metafile (WMF) images. An attacker could exploit the vulnerability by constructing a specially crafted WMF image that could potentially allow remote code execution if a user visited a malicious Web site or opened a specially crafted attachment in e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.
You can download the official KB912919 patch from the Microsoft web site.