WMF patch

• Previous message (by thread): WMF patch
• Next message (by thread): NANOG 36 Meeting Registration
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 12:54 PM 1/5/2006, you wrote:
>Thanks Thomas, something really useful. One thing I am still curious 
>about, I read that there were other image formats can be used in an 
>exploit, GIF, .BMP, .JPG, .TIF  can also be used, according to 
>F-Secure. I find this a little confusing, if that dll only deals 
>with WMF file type then the exploit must not be directly connected 
>with that dll Or does that dll handle all of those as well?
>
>But then I found this http://www.pcworld.com/howto/article/0,aid,119993,00.asp
>
>Which makes sense. The way a lot of things I have been seeing go on 
>about this they act like WMF is the only format of issue and that 
>obviously is not at all true. I would have more likely ignored this 
>if it really was only WMF files and the MS patch a week or so away.

I believe Windows uses the file header/descriptor data as well as or 
instead of the extension to know how to handle images. Otherwise, 
simply renaming/blocking all WMF files would result in an effective 
mitigation method.

-Robert



Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin

• Previous message (by thread): WMF patch
• Next message (by thread): NANOG 36 Meeting Registration
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]