funsec mailing list archives
RE: Re[4]: Ilfak's WMF patch
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Mon, 2 Jan 2006 10:18:55 -0500
Ilfak, First off, thanks for putting this .WMF patch together. It's very useful. I also have a technical question about .WMF files. If a .WMF is directly displayed by Internet Explorer using an <img src=> tag, why isn't the SETABORT escape sequence being executed? Is IE filtering out these escape sequences already? Richard -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Ilfak Guilfanov Sent: Monday, January 02, 2006 8:28 AM To: funsec () linuxbox org Subject: Re[4]: [funsec] Ilfak's WMF patch Monday, January 2, 2006, 1:49:58 PM, you wrote: LS> Have you considered whether Windows EMF files, the 32-bit metafile LS> version, might also be vulnerable? I suspect if they were we would LS> have heard by now, but there are so many similarities in the formats LS> (http://wvware.sourceforge.net/caolan/ora-wmf.html) It is very unlikely that EMF files are vulnerable (at least not in the the same way as WMF files). While EMF and WMF serve the same purpose, their designs are completely different: the file header, record types, and the functionality apparently have been redesigned from the scratch. OTOH, EMF is still a sequence of instructions to GDI. If there is a problem with a GDI function, it can be exploited by a special EMF file but I personally doubt there is any. -- Best regards, Ilfak mailto:ig () datarescue be _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: Ilfak's WMF patch, (continued)
- RE: Ilfak's WMF patch Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jan 02)
- Re: Ilfak's WMF patch Pierre Vandevenne (Jan 01)
- RE: Ilfak's WMF patch Larry Seltzer (Jan 01)
- Re: Ilfak's WMF patch Matthew Murphy (Jan 01)
- Re: Ilfak's WMF patch Valdis . Kletnieks (Jan 01)
- Re: Ilfak's WMF patch Matthew Murphy (Jan 01)
- Re[2]: Ilfak's WMF patch Ilfak Guilfanov (Jan 01)
- Re: Ilfak's WMF patch Matthew Murphy (Jan 01)
- RE: Re[2]: Ilfak's WMF patch Larry Seltzer (Jan 02)
- Re[4]: Ilfak's WMF patch Ilfak Guilfanov (Jan 02)
- RE: Re[4]: Ilfak's WMF patch Richard M. Smith (Jan 02)
- Re[6]: Ilfak's WMF patch Ilfak Guilfanov (Jan 02)
- Re: Re[4]: Ilfak's WMF patch Valdis . Kletnieks (Jan 02)
- RE: Ilfak's WMF patch Larry Seltzer (Jan 01)
- Ilfak's WMF patch v. Microsoft's solution Richard M. Smith (Jan 01)
- Re: Ilfak's WMF patch v. Microsoft's solution Matthew Murphy (Jan 01)
- RE: Ilfak's WMF patch v. Microsoft's solution Richard M. Smith (Jan 02)
- RE: Ilfak's WMF patch v. Microsoft's solution Hank Nussbacher (Jan 02)
- RE: Ilfak's WMF patch v. Microsoft's solution Richard M. Smith (Jan 02)
- Re: Ilfak's WMF patch v. Microsoft's solution Alex Shipp (elist) (Jan 03)
- RE: Ilfak's WMF patch v. Microsoft's solution Larry Seltzer (Jan 02)
- RE: Ilfak's WMF patch v. Microsoft's solution Richard M. Smith (Jan 02)