funsec mailing list archives
Looking at the WMF issue, how did it get there?
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Mon, 16 Jan 2006 08:58:38 -0500
http://blogs.technet.com/msrc/archive/2006/01/13/417431.aspx Looking at the WMF issue, how did it get there? Hi everyone, Stephen Toulouse here. Now that the monthly release has passed and people are deploying the updates I wanted to take a moment to discuss some things related to questions we've been receiving on the recent WMF issue. (Which was addressed in MS06-001). One question we've gotten is about SetAbortProc , the function that allows printing jobs to be cancelled. Specifically people are wondering about how the vulnerability was present. Bear with me, I'm going to get rather technical here in the interests of clearly pointing it out. The long story short is that the vulnerability can be triggered with either correct OR incorrect metafile record size values, there seems to have been some confusion on that point. ... _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Looking at the WMF issue, how did it get there? Richard M. Smith (Jan 16)