funsec mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Are Office document files also an attack vector for the.WMF flaw?

From: "Peter Kruse" <kruse () krusesecurity dk>
Date: Thu, 29 Dec 2005 22:40:53 +0100
Hi Richard,

Correct, as long as the MWF files is being parsed by Microsoft Windows
Picture and Fax Viewer (SHIMGVW.DLL), and in this case it will, potentiel
hostile code nested inside the WMF, will get executed into memory.

Regards
Peter   

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
Behalf Of Richard M. Smith
Sent: 29. december 2005 16:34
To: funsec () linuxbox org
Subject: [funsec] Are Office document files also an attack vector for
the.WMF flaw?

I suspect that a booby-trapped .WMF file can be embedded in Office files
(Word, Excel, PowerPoint, ....) and will auto-execute when a document file
is opened.  
 
Richard M. Smith
http:/www.ComputerBytesMan.com

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: