Full Disclosure mailing list archives

RE: Re[2]: test this


From: Benjamin Franz <snowhare () nihongo org>
Date: Thu, 29 Dec 2005 10:02:23 -0800 (PST)

On Thu, 29 Dec 2005, Peter Ferrie wrote:

> Perhaps you should read about it on Microsoft's site. It's not a buffer overflow. WMF files since at least Windows 3.0 days have been allowed to carry executable code in the form of their own SetAbortProc handler. This is perfectly legitimate, though the design is a poor one. The only thing that has changed is the code that is being executed.
>
> 8^) p.

So, in essence, Broken As Designed.

Mix in a generous helping of 'type sniffing' by MS so that you can name WMF files .gif or .jpg or some other random suffix and you have one hell of a problem that can only really be completely fixed by MS releasing a patch to kill execution of embedded executable code in WMF files.

Just lovely. :(

--
Benjamin Franz

The designer of a new kind of system must participate fully in the implementation.

                                                         - Donald E. Knuth
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
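The two points made in this exchange, that a WMF can legitimately carry a META_ESCAPE record selecting SETABORTPROC and that the file is rendered no matter what extension it was given, can both be checked for off-line. The scanner below is an added example, not code from the original thread, from Microsoft, or from either poster. It assumes the standard WMF header and record layout and the usual GDI constants (META_ESCAPE = 0x0626, SETABORTPROC = 9, placeable-header key 0x9AC6CDD7); the two sample files are constructed inline, with an inert zero-filled placeholder where a real file would carry the handler code.

```python
"""Sniff WMF files by header (not extension) and flag SETABORTPROC escape records.

Added example, not from the original post. Layout assumptions: the 18-byte
META_HEADER, the optional 22-byte placeable (Aldus) header, and records of the
form rdSize (DWORD, in words) / rdFunction (WORD) / rdParm. A META_ESCAPE
record's parameters begin with the escape number and a byte count.
"""
import struct

PLACEABLE_MAGIC = 0x9AC6CDD7
PLACEABLE_HEADER_LEN = 22
META_HEADER_LEN = 18
META_ESCAPE = 0x0626
META_SETMAPMODE = 0x0103
META_EOF = 0x0000
SETABORTPROC = 9          # GDI escape that installs an abort procedure
NEWFRAME = 1              # a harmless escape, used for the benign sample


def is_wmf(data: bytes) -> bool:
    """Decide by content, ignoring whatever suffix the file was given."""
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC:
        return True
    if len(data) < META_HEADER_LEN:
        return False
    mt_type, header_size, version = struct.unpack_from("<HHH", data, 0)
    return mt_type in (1, 2) and header_size == 9 and version in (0x0100, 0x0300)


def iter_records(data: bytes):
    """Yield (offset, function, params) for every record after the header(s)."""
    off = PLACEABLE_HEADER_LEN if struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC else 0
    off += META_HEADER_LEN
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        rec_len = size_words * 2
        if rec_len < 6 or off + rec_len > len(data):
            raise ValueError(f"bad record size {size_words} at offset {off}")
        yield off, func, data[off + 6:off + rec_len]
        if func == META_EOF:
            break
        off += rec_len


def find_abortproc(data: bytes):
    """Return (offset, escape_data) for each META_ESCAPE record that selects SETABORTPROC."""
    if not is_wmf(data):
        raise ValueError("not a WMF by header")
    hits = []
    for off, func, params in iter_records(data):
        if func != META_ESCAPE or len(params) < 4:
            continue
        escape, count = struct.unpack_from("<HH", params, 0)
        if escape == SETABORTPROC:
            hits.append((off, params[4:4 + count]))
    return hits


def analyze(name: str, data: bytes) -> dict:
    """Compare what the extension claims with what the bytes say."""
    sniffed = is_wmf(data)
    return {
        "name": name,
        "extension_says_wmf": name.lower().endswith(".wmf"),
        "sniffed_wmf": sniffed,
        "abortproc_records": len(find_abortproc(data)) if sniffed else 0,
    }


# --- constructed samples (not real-world files) ---------------------------
def _record(func: int, params: bytes) -> bytes:
    assert len(params) % 2 == 0, "WMF records are word-aligned"
    return struct.pack("<IH", (6 + len(params)) // 2, func) + params


def build_wmf(records) -> bytes:
    all_recs = list(records) + [_record(META_EOF, b"")]
    body = b"".join(all_recs)
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, (META_HEADER_LEN + len(body)) // 2,
                         0, max(len(r) for r in all_recs) // 2, 0)
    return header + body


def with_placeable_header(wmf: bytes) -> bytes:
    head = struct.pack("<IHhhhhHI", PLACEABLE_MAGIC, 0, 0, 0, 100, 100, 96, 0)
    checksum = 0
    for (word,) in struct.iter_unpack("<H", head):   # XOR of the ten leading words
        checksum ^= word
    return head + struct.pack("<H", checksum) + wmf


INERT_PLACEHOLDER = b"\x00" * 16   # stands in for handler code; deliberately not code
SAMPLE_MALICIOUS = build_wmf([
    _record(META_SETMAPMODE, struct.pack("<H", 1)),
    _record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, len(INERT_PLACEHOLDER)) + INERT_PLACEHOLDER),
])
SAMPLE_BENIGN = build_wmf([
    _record(META_SETMAPMODE, struct.pack("<H", 1)),
    _record(META_ESCAPE, struct.pack("<HH", NEWFRAME, 0)),
])

if __name__ == "__main__":
    for name, blob in (("holiday.jpg", SAMPLE_MALICIOUS), ("chart.wmf", SAMPLE_BENIGN)):
        print(analyze(name, blob))
```

Keying the verdict on the header rather than the name is what the thread's "type sniffing" complaint demands: a file called `holiday.jpg` that starts with a metafile header is a WMF for scanning purposes. Treat a `ValueError` from the record walker as a reason to quarantine rather than as a clean result, since a file that trips the size checks is malformed by definition and a strict parser says nothing about what a more forgiving renderer will do with it.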