WMF patch
Robert Boyle
robert at tellurian.com
Thu Jan 5 18:10:26 UTC 2006
At 12:54 PM 1/5/2006, you wrote:
>Thanks Thomas, something really useful. One thing I am still curious
>about: I read that there were other image formats that can be used in
>an exploit; GIF, .BMP, .JPG, .TIF can also be used, according to
>F-Secure. I find this a little confusing. If that dll only deals
>with the WMF file type then the exploit must not be directly connected
>with that dll. Or does that dll handle all of those as well?
>
>But then I found this http://www.pcworld.com/howto/article/0,aid,119993,00.asp
>
>Which makes sense. The way a lot of things I have been seeing go on
>about this they act like WMF is the only format of issue and that
>obviously is not at all true. I would have more likely ignored this
>if it really was only WMF files and the MS patch a week or so away.
I believe Windows uses the file header/descriptor data as well as or
instead of the extension to know how to handle images. Otherwise,
simply renaming/blocking all WMF files would result in an effective
mitigation method.
-Robert
Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin
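
The reply above notes that renaming or blocking files by the .wmf extension would only work if the extension alone decided how an image is handled. As an added example (not part of the original message), here is a content-based check a mail or proxy filter could apply instead; the function names, the quarantine policy and the sample bytes are constructed for illustration.

```python
import struct

# Leading bytes of the formats named in the thread (well-known signatures).
PLACEABLE_WMF_KEY = b"\xd7\xcd\xc6\x9a"  # placeable metafile key 0x9AC6CDD7
OTHER_MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "jpg": (b"\xff\xd8\xff",),
    "bmp": (b"BM",),
    "tif": (b"II*\x00", b"MM\x00*"),
}
EXT_ALIASES = {"jpeg": "jpg", "tiff": "tif"}


def is_wmf(data: bytes) -> bool:
    """True if data starts with a placeable or standard WMF header."""
    if data.startswith(PLACEABLE_WMF_KEY):
        return True
    if len(data) < 6:
        return False
    # Standard header: type (1=memory, 2=disk), header size in words (9),
    # version (0x0100 or 0x0300); all little-endian 16-bit fields.
    mtype, hdr_words, version = struct.unpack_from("<HHH", data)
    return mtype in (1, 2) and hdr_words == 9 and version in (0x0100, 0x0300)


def sniff(data: bytes) -> str:
    """Return the format the content claims to be, ignoring the file name."""
    if is_wmf(data):
        return "wmf"
    for fmt, magics in OTHER_MAGIC.items():
        if data.startswith(magics):
            return fmt
    return "unknown"


def should_quarantine(filename: str, data: bytes) -> bool:
    """Assumed policy: hold WMF content under any name, and any image
    whose extension disagrees with its leading bytes."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    ext = EXT_ALIASES.get(ext, ext)
    actual = sniff(data)
    return actual == "wmf" or (ext in OTHER_MAGIC and actual != ext)


# Constructed sample attachments (header bytes only, no payload).
SAMPLES = [
    ("photo.jpg", PLACEABLE_WMF_KEY + b"\x00" * 18),            # WMF named .jpg
    ("chart.gif", b"\x01\x00\x09\x00\x00\x03" + b"\x00" * 12),  # WMF named .gif
    ("logo.gif", b"GIF89a" + b"\x00" * 10),                     # genuine GIF
]
```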