Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: WMF round-up, updates and de-mystification

From: InfoSecBOFH <infosecbofh () gmail com>
Date: Thu, 5 Jan 2006 04:02:13 -0800
Sorry Dick.  Not FUD but Fact.

The patch, if you are stupid enough to trust a third party patch in
the first place, is not perfect.  So tell me again why I should share
why?  Just wait for and trust your MS patch.. come on.. .would I lie
to you?  :P

On 1/3/06, Richard M. Smith <rms () computerbytesman com> wrote:

Why the FUD?  Under what circumstances are you aware the patch doesn't work?
Hoarding information isn't very helpful in a situation like this.  Are we
talking about .5%, 5%, or 50% failure mode for the patch?  How does the
failure mode of the patch compare to Microsoft's solution of killing the
Microsoft Picture/FAX viewer which also has its limitations.  (Example,
someone is using a different viewer program for .WMF files that also has the
flaw.)

Richard

-----Original Message-----
From: InfoSecBOFH [mailto:infosecbofh () gmail com]
Sent: Tuesday, January 03, 2006 6:35 AM
To: Gadi Evron
Cc: bugtraq () securityfocus com; FunSec [List];
full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] WMF round-up, updates and de-mystification

So this patch is trusted because you said so?

I have tested and confirmed that this patch only works in specific
scnenarios and does not mitigate the entire issue.  Variations still work.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: