Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

WMF vulnerability in Windows - affect image files.

  • 30-12-2005 7:20pm
    #1
    Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,596 Mod ✭✭✭✭


    http://secunia.com/advisories/18255/
    This can be exploited to execute arbitrary code by tricking a user into opening a malicious ".wmf" file in "Windows Picture and Fax Viewer" or previewing a malicious ".wmf" file in explorer (i.e. opening a folder containing a malicious image file).

    The vulnerability can also be exploited automatically when a user visits a malicious web site using Microsoft Internet Explorer.

    NOTE: Exploit code is publicly available. This is being exploited in the wild. The vulnerability can also be triggered from explorer if the malicious file has been saved to a folder and renamed to other image file extensions like ".jpg", ".gif, ".tif", and ".png" etc.
    nothing new in this, image file exploits in windows have been unforgivable. IE 5 couldn't even show BMP's

    Also the renaming of the extensions not protecting you is hardly new. Remember the way word macro viruses were executed in files saved as .rtf ?

    But could someone patent the cure of such a disease ?
    If the person who found the original exploit had patented a generalised fix for it "a method to prevent arbitrary user-defined function to be executed when the rendering of a graphical file fails by .... "

    1. announce the patent.
    2. Let others then recreate the exploit.
    3. wait until everyone depoys a patch
    4. sue based on earlier patent , just like the LZW/GIF and MP3
    5. profit.

    BTW: the best bit is in the USA they would still have about 50 weeks to retrospectively register the patent - nice legal sting


Advertisement