funsec mailing list archives
Re: [Full-disclosure] WMF round-up, updates and de-mystification
From: Paul Schmehl <pauls () utdallas edu>
Date: Thu, 05 Jan 2006 13:07:38 -0600
Please don't crosspost to other lists when posting to funsec. It introduces foreign bodies that infect the list.
--On January 5, 2006 4:02:13 AM -0800 InfoSecBOFH <infosecbofh () gmail com> wrote:
Sorry Dick. Not FUD but Fact. The patch, if you are stupid enough to trust a third party patch in the first place, is not perfect. So tell me again why I should share why? Just wait for and trust your MS patch.. come on.. .would I lie to you? :P On 1/3/06, Richard M. Smith <rms () computerbytesman com> wrote:Why the FUD? Under what circumstances are you aware the patch doesn't work? Hoarding information isn't very helpful in a situation like this. Are we talking about .5%, 5%, or 50% failure mode for the patch? How does the failure mode of the patch compare to Microsoft's solution of killing the Microsoft Picture/FAX viewer which also has its limitations. (Example, someone is using a different viewer program for .WMF files that also has the flaw.) Richard -----Original Message----- From: InfoSecBOFH [mailto:infosecbofh () gmail com] Sent: Tuesday, January 03, 2006 6:35 AM To: Gadi Evron Cc: bugtraq () securityfocus com; FunSec [List]; full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] WMF round-up, updates and de-mystification So this patch is trusted because you said so? I have tested and confirmed that this patch only works in specific scnenarios and does not mitigate the entire issue. Variations still work._______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: [Full-disclosure] WMF round-up, updates and de-mystification Larry Seltzer (Jan 03)
- <Possible follow-ups>
- RE: [Full-disclosure] WMF round-up, updates and de-mystification Richard M. Smith (Jan 03)
- Message not available
- Re: [Full-disclosure] WMF round-up, updates and de-mystification Paul Schmehl (Jan 05)
- Re: Re: [Full-disclosure] WMF round-up, updates and de-mystification Gadi Evron (Jan 05)
- Re: Re: [Full-disclosure] WMF round-up, updates and de-mystification Blue Boar (Jan 05)
- Re: Re: [Full-disclosure] WMF round-up, updates and de-mystification Gadi Evron (Jan 05)
- Message not available
- Re: Re: [Full-disclosure] WMF round-up, updates and de-mystification Gadi Evron (Jan 05)
- Re: Re: [Full-disclosure] WMF round-up, updates and de-mystification dudevanwinkle () gmail com (Jan 05)
- Re: Re: [Full-disclosure] WMF round-up, updates and de-mystification Gadi Evron (Jan 05)