Full Disclosure mailing list archives
Re: test this
From: Michael Holstein <michael.holstein () csuohio edu>
Date: Thu, 29 Dec 2005 13:20:27 -0500
Mix in a generous helping of 'type sniffing' by MS so that you can name WMF files .gif or .jpg or some other random suffix and you have one hell of a problem that can only really be completely fixed by MS releasing a patch to kill execution of embedded executable code in WMF files.
Has anyone tested the renamed .wmf -> .jpg trick and embedding the image in a HTML email (using Outlook, et.al) ?
That'd make it even nastier. /mike. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: test this, (continued)
- Re: test this Matt Ostiguy (Dec 28)
- Re: test this Valdis Shkesters (Dec 28)
- Re: test this Thierry Zoller (Dec 28)
- Re[2]: test this Thierry Zoller (Dec 28)
- RE: test this Todd Towles (Dec 28)
- RE: Re[2]: test this Todd Towles (Dec 29)
- Re: test this ad () heapoverflow com (Dec 29)
- Re: Re[2]: test this Valdis Shkesters (Dec 29)
- RE: Re[2]: test this Peter Ferrie (Dec 29)
- RE: Re[2]: test this Benjamin Franz (Dec 29)
- Re: test this Michael Holstein (Dec 29)
- RE: Re[2]: test this Todd Towles (Dec 29)
- RE: test this Todd Towles (Dec 29)
- RE: Re[2]: test this Todd Towles (Dec 29)
- RE: Re[2]: test this Todd Towles (Dec 29)
- Re: test this ad () heapoverflow com (Dec 29)
- RE: Re[2]: test this Todd Towles (Dec 29)