Bugtraq mailing list archives

RE: WMF browser-ish exploit vectors

From: "James C Slora Jr" <Jim.Slora () phra com>
Date: Thu, 5 Jan 2006 17:36:47 -0500

Dave Korn wrote

Have you tried giving it a mpg/avi/wma/wmv extension and getting
it to open in a (perhaps embedded) mediaplayer?  That's liable to
work as well; mediaplayer is also vulnerable to the

choose-an-app-based-on-extension/app-loads-a-viewer-based-on-actual-content

desynchronisation attack...


I have seen at least one cached .wmz (Windows Media Player Skin) file
trigger AV alerts for the WMF exploit (Symantec Bloodhound.Exploit.56) after
having been opened in WMP10.

Current thread:

Re: WMF browser-ish exploit vectors Nick FitzGerald (Jan 04)
- <Possible follow-ups>
- Re: WMF browser-ish exploit vectors Dave Korn (Jan 05)
  - RE: WMF browser-ish exploit vectors James C Slora Jr (Jan 05)