Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

sihimgvw.dll

sihimgvw.dll – Here is the scoop on Windows Picture and Fax Viewer Library as it pertains to computer network security. The big question: what is sihimgvw.dll and is it spyware, a trojan and if so, how do I get rid of Windows Picture and Fax Viewer Library?

sihimgvw.dll (Windows Picture and Fax Viewer Library) – Details

The shimgvw.dll library is required by windows and is used when displaying images and/or faxes. If shimgvw.dll is unavailable, windows may not be able to display faxes or images. If this is not a problem for you, you can safely remove this file.

On December 28, 2005 Microsoft released the Microsoft Security Advisory (912840), WMF exploit, which covers a vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution.

There have been public reports of vulnerability in the Windows shimgvw.dll file and the exploit is now floating around the net. The WMF Exploit could allow an attacker to execute arbitrary code on the user’s system by hosting a specially crafted Windows Metafile (WMF) image on a malicious Web site.

The “SHIMGVW.DLL” is used for rendering Windows Metafiles (WMF) can reportedly be called whenever Windows attempts to display non-metafile images. This means that a malicious email could also exploit this vulnerability!

SHIMGVW.DLL PATCH

What should you do for now? Below are a few suggestions

To disable the WMF vulnerability, security advisory 912840:

  • Logon as an administrative user (user with administrative privileges).
  • Click the Windows “Start” button and select “Run”
  • Enter the following text into the “Open” field:
    regsvr32 -u %windir%\system32\shimgvw.dll
    – You can copy and paste the command above into the “Open” field.

  • Click “OK” to unregister the vulnerable DLL.

Although not necessary, it would not hurt to reboot your computer and clear memory.

Enable SHIMGVW.DLL

If you need to enable shimgvw.dll, simply do the following:

  • Logon as an administrative user (user with administrative privileges).
  • Click the Windows “Start” button and select “Run”
  • Enter the following text into the “Open” field:
    regsvr32 %windir%\system32\shimgvw.dll
    – You can copy and paste the command above into the “Open” field.

  • Click “OK” to unregister the vulnerable DLL.

Microsoft’s WMF Vulnerability announcement stated that in an e-mail based attack, customers would have to be persuaded to click on a link within a malicious e-mail or open an attachment that exploited the vulnerability. Many reports claim that this not entirely accurate and the user only needs to receive the email attachment to exploit the shimgvw.

Impact of WMF Exploit Workaround: Windows Picture and Fax Viewer may no longer execute when the user clicks on a link to an image type that is associated with the Windows Picture and Fax Viewer.

You should also use our free security audit to make sure your system is secure.

Other sources of information on the WMF Exploit are listed below:

http://secunia.com/advisories/18255/
http://vil.mcafeesecurity.com/vil/content/v_137760.htm
http://www.securityfocus.com/bid/16074/info

SIHIMGVW.DLL – Disclaimer

Every attempt has been made to provide you with the correct information for sihimgvw.dll or WINDOWS PICTURE AND FAX VIEWER LIBRARY. Many spyware / malware programs use filenames of usual, non-malware programs. If we have included information about sihimgvw.dll that is inaccurate, we would greatly appreciate your help by leaving a comment with the correct information below and we’ll do our best to correct it.

You should verify the accuracy of information we provided about sihimgvw.dll.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *