funsec mailing list archives

Re: exploiting MS08-021


From: Florian Weimer <fweimer () bfk de>
Date: Tue, 15 Apr 2008 12:13:14 +0200

* Richard M. Smith:

> Here's my new question: Can WMF images and auto-executing exploit
> code be embedded in Word, Excel, and PowerPoint files?

WMF used to be the presentation format for OLE objects (maybe it still
is, I haven't been following Windows API evolution closely for about a
decade), which can be contained in Office documents, of course.  I'm
sure you can't get rid of that use of WMF for backwards-compatibility
reasons.  It's also likely that it's part of OOXML in some form.

However, it does surprise me that this particular area of the Windows
code base is so difficult to fix.  Once you plug the device escapes,
it should be fairly self-contained.  There might be some
font-rendering issues, but exploitation of those should be
driver-specific.

-- 
Florian Weimer                <fweimer () bfk de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

