funsec mailing list archives
Re: Interview: Ilfak Guilfanov
From: Matthew Murphy <mattmurphy () kc rr com>
Date: Thu, 05 Jan 2006 21:01:41 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 rms () computerbytesman com wrote:
Good interview, but I'm still left wondering why Internet Explorer won't execute malicuous code when it directly displays a booby-trapped .WMF file as opposed to the Windows picture/FAX viewer which will execute the malicous code. Since both programs presumably use gdi32.dll to display a .WMF file, why is there be a difference in behavour? Richard
HDM's tutorial would appear to explain this. IE is only capable of displaying WMFs with certain optional headers preceding their content. These same optional headers take the WMF *out of the context* where escapes can be used. This disables, among other things (and there's a basketful of "other things") SETABORT. At least, that's how I understand it. - -- "Social Darwinism: Try to make something idiot-proof, nature will provide you with a better idiot." -- Michael Holstein -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) iD8DBQFDvd2Vfp4vUrVETTgRA4FAAJ9ctVsSxzW0T28xWMX63MLf4MIsngCeIpWP MdvxAGJjNThjP9NEzYBh9jg= =Y9S9 -----END PGP SIGNATURE-----
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Interview: Ilfak Guilfanov Matthew Murphy (Jan 04)
- Re: Interview: Ilfak Guilfanov rms (Jan 05)
- Re: Interview: Ilfak Guilfanov Matthew Murphy (Jan 05)
- Re: Interview: Ilfak Guilfanov rms (Jan 06)
- Re: Interview: Ilfak Guilfanov Matthew Murphy (Jan 05)
- <Possible follow-ups>
- RE: Interview: Ilfak Guilfanov Todd Towles (Jan 06)
- RE: Interview: Ilfak Guilfanov rms (Jan 06)
- Re: Interview: Ilfak Guilfanov rms (Jan 05)