Full Disclosure mailing list archives
Re: WMF Exploit
From: "Crist J. Clark" <cristjc () comcast net>
Date: Wed, 4 Jan 2006 15:27:48 -0800
On Wed, Jan 04, 2006 at 09:58:37AM -0600, Todd Towles wrote:
Ad wrote:I don't think because here win98 doesn't recognize the .wmf extension.Without installling a third-party image viewer, it is my understanding that pre-Windows 2000 OS are less vulnerable. But most people do have third-party image viewers installed and it is possible that these apps make the OS attackable.
IE 6 displayed WMF files on a test Win98 system just fine for me. Remember, just because when you double-click on a WMF file Windows Explorer doesn't know what to do with it does NOT mean that when presented to IE in an <img> tag, it won't. Even trying to open the file with IE doesn't mean anything. You need to try it in a webpage. For example, take your sample WMF, sample.wmf, and create a test page, wmf.htm, <html> <head> <title>WMF Rendering Test</title> <head> <body> The WMF image should appear below. <p> <img src="sample.wmf" alt="Not processed!"> </body> </html> And load that into IE. Works for me on Win98. -- Crist J. Clark | cjclark () alum mit edu _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- WMF Exploit Colin Copley (Jan 03)
- Re: WMF Exploit Technica Forensis (Jan 04)
- Re: WMF Exploit ad () heapoverflow com (Jan 04)
- <Possible follow-ups>
- RE: WMF Exploit Todd Towles (Jan 04)
- Re: WMF Exploit Georgi Guninski (Jan 04)
- Re: WMF Exploit Crist J. Clark (Jan 04)
- Re: WMF Exploit H D Moore (Jan 04)
- RE: WMF Exploit Todd Towles (Jan 04)
- Re: WMF Exploit wac (Jan 11)
- RE: WMF Exploit Lauro, John (Jan 05)
- Re: WMF Exploit Georgi Guninski (Jan 04)
- Re: WMF Exploit Technica Forensis (Jan 04)