funsec mailing list archives
An Alternative Method of Fixing the WMF Vulnerability
From: "Fergie" <fergdawg () netzero net>
Date: Sat, 31 Dec 2005 18:35:33 GMT
Check this out... Via F-Secure.

[snip]

Here's an alternative way to fix the WMF vulnerability. Ilfak Guilfanov has published a temporary fix which does not remove any functionality from the system (all pictures and thumbnails continue to work normally). The fix works by injecting itself to all processes loading USER32.DLL. It patches the Escape() function in GDI32.DLL, revoking WMF's SETABORT escape sequence that is the root of the problem.

Now, we wouldn't normally blog about a security patch that is not coming from the original vendor. But Ilfak Guilfanov isn't just anybody. He's the main author of IDA (Interactive Disassembler Pro) and is arguably one of the best low-level Windows experts in the world.

[snip]

http://www.f-secure.com/weblog/#00000756

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg () netzero net or fergdawg () sbcglobal net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
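Added example, not part of the original post and not Guilfanov's fix: the fix described above revokes the SETABORT escape at GDI32's Escape(); a complementary defensive check is to scan WMF files for a META_ESCAPE record carrying that escape (SETABORTPROC in the WMF format). The record constants and header layout are assumptions taken from the published WMF file format rather than from this page, and build_sample() is a hypothetical helper that produces a constructed test file with zeroed escape data.

```python
import struct

PLACEABLE_MAGIC = 0x9AC6CDD7  # optional 22-byte placeable header (assumed from WMF spec)
META_ESCAPE = 0x0626          # RecordFunction of a META_ESCAPE record
META_EOF = 0x0000             # RecordFunction of the terminating record
SETABORTPROC = 0x0009         # escape number the fix revokes

def find_setabort_records(data: bytes):
    """Return byte offsets of META_ESCAPE records whose escape is SETABORTPROC."""
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC:
        off = 22
    if len(data) < off + 18:
        raise ValueError("truncated META_HEADER")
    mtype, hdr_words = struct.unpack_from("<HH", data, off)
    if mtype not in (1, 2) or hdr_words != 9:
        raise ValueError("not a WMF META_HEADER")
    off += hdr_words * 2
    hits = []
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        if size_words < 3:
            raise ValueError(f"bad record size at offset {off}")
        if func == META_EOF:
            break
        end = off + size_words * 2  # record sizes are counted in 16-bit words
        # Flag the record even if its declared size runs past the end of the file.
        if func == META_ESCAPE and off + 8 <= min(end, len(data)):
            (escape,) = struct.unpack_from("<H", data, off + 6)
            if escape == SETABORTPROC:
                hits.append(off)
        off = end
    return hits

def record(func, params=b""):
    """Pack one WMF record: size in words, function, parameters."""
    return struct.pack("<IH", 3 + len(params) // 2, func) + params

def build_sample(escape):
    """Constructed sample: META_HEADER, one META_ESCAPE with zeroed data, META_EOF."""
    body = record(META_ESCAPE, struct.pack("<HH", escape, 4) + b"\x00" * 4)
    body += record(META_EOF)
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, (18 + len(body)) // 2, 0, 7, 0)
    return header + body

if __name__ == "__main__":
    print(find_setabort_records(build_sample(SETABORTPROC)))
```

A hit means the file asks the renderer to register an abort procedure, which ordinary picture files have no reason to do; treat it as a triage signal, since a strict header check like this one can be sidestepped by a file with a malformed header.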