Re: Interview: Ilfak Guilfanov

[rms () computerbytesman com]

Good interview, but I'm still left wondering why Internet Explorer won't
execute malicuous code when it directly displays a booby-trapped .WMF file
as opposed to the Windows picture/FAX viewer which will execute the
malicous code.  Since both programs presumably use gdi32.dll to display a
.WMF file, why is there be a difference in behavour?

Richard


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> With all the misinformation and theorizing going around, I figured the
> community might be interested in some... you know, accurate information.
>  It's really refreshing, sometimes.
>
> So, SecuriTeam blogs has posted an interview with Ilfak Guilfanov
> (author of the interim fix for the WMF vulnerability) about all things
> WMF.  We covered in detail, three main topics:
>
>     * The nature of the vulnerability
>     * The details of Ilfak's interim fix
>     * The other workarounds that are available
>
> The URL for that blog post is:
> http://blogs.securiteam.com/index.php/archives/176
>
> A big thanks is in order to Ilfak for taking the time to do the interview.
>
> - --
> "Social Darwinism: Try to make something idiot-proof,
> nature will provide you with a better idiot."
>
>                                 -- Michael Holstein
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (MingW32)
>
> iD8DBQFDvDddfp4vUrVETTgRA5B0AKDPA0eIs7k7q7r6pJ3n8WiB4s9v7wCfYAea
> uy8rtwdPy0ZWYbV/i/Yke+Q=
> =T46q
> -----END PGP SIGNATURE-----
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.