WMF vulnerability in Windows - affects image files.

  • 30-12-2005 07:20PM
    #1
    Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 96,198 Mod ✭✭✭✭


    http://secunia.com/advisories/18255/
    This can be exploited to execute arbitrary code by tricking a user into opening a malicious ".wmf" file in "Windows Picture and Fax Viewer" or previewing a malicious ".wmf" file in explorer (i.e. opening a folder containing a malicious image file).

    The vulnerability can also be exploited automatically when a user visits a malicious web site using Microsoft Internet Explorer.

    NOTE: Exploit code is publicly available. This is being exploited in the wild. The vulnerability can also be triggered from explorer if the malicious file has been saved to a folder and renamed to other image file extensions like ".jpg", ".gif", ".tif", and ".png" etc.

    Nothing new in this; image file exploits in Windows have been unforgivable. IE 5 couldn't even show BMPs.

    Also, the renaming of the extensions not protecting you is hardly new. Remember the way Word macro viruses were executed in files saved as .rtf?

    But could someone patent the cure of such a disease?
    If the person who found the original exploit had patented a generalised fix for it "a method to prevent arbitrary user-defined function to be executed when the rendering of a graphical file fails by .... "

    1. Announce the patent.
    2. Let others then recreate the exploit.
    3. Wait until everyone deploys a patch.
    4. Sue based on earlier patent, just like the LZW/GIF and MP3.
    5. Profit.

    BTW: the best bit is in the USA they would still have about 50 weeks to retrospectively register the patent - nice legal sting
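
Added example (not part of the post or of the Secunia advisory): since the quoted advisory notes that the flaw still triggers when the file is renamed to ".jpg", ".gif", ".tif" or ".png", a defender has to classify files by content rather than by extension. This Python scanner flags files that carry an image extension but begin with a WMF header; the function names and the sample bytes are constructed for illustration.

```python
import struct
from pathlib import Path

PLACEABLE_KEY = 0x9AC6CDD7  # magic of the optional 22-byte placeable header
IMAGE_EXTS = {".jpg", ".jpeg", ".gif", ".tif", ".tiff", ".png", ".bmp"}

def _is_meta_header(buf: bytes) -> bool:
    """Standard 18-byte WMF header: type 1 or 2, size 9 words, version 0x0100 or 0x0300."""
    if len(buf) < 18:
        return False
    ftype, hsize, version = struct.unpack_from("<HHH", buf, 0)
    return ftype in (1, 2) and hsize == 9 and version in (0x0100, 0x0300)

def looks_like_wmf(data: bytes) -> bool:
    """True if the bytes start with a WMF header, with or without the placeable prefix."""
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        # The placeable checksum is not enforced: a bad one must not hide the file.
        return _is_meta_header(data[22:40])
    return _is_meta_header(data[:18])

def disguised_wmf(name: str, data: bytes) -> bool:
    """Flag WMF content behind a file name that claims another image format."""
    return Path(name).suffix.lower() in IMAGE_EXTS and looks_like_wmf(data)

def scan(folder: str) -> list:
    """Paths under folder with an image extension but WMF content."""
    hits = []
    for p in Path(folder).rglob("*"):
        if p.is_file() and p.suffix.lower() in IMAGE_EXTS:
            with p.open("rb") as fh:
                if looks_like_wmf(fh.read(40)):
                    hits.append(str(p))
    return sorted(hits)

def sample_wmf(placeable: bool) -> bytes:
    """Constructed sample: harmless metafile holding only a header and an EOF record."""
    body = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0) + struct.pack("<IH", 3, 0)
    if not placeable:
        return body
    head = struct.pack("<IHhhhhHI", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0)
    checksum = 0
    for word in struct.unpack("<10H", head):
        checksum ^= word
    return head + struct.pack("<H", checksum) + body

if __name__ == "__main__":
    import sys
    for path in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("WMF content behind image extension:", path)
```

A hit only says the extension and the content disagree; it does not say the metafile is malicious, so flagged files still need to be quarantined and examined.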

