lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <007101c61aae$c163c250$0200a8c0@rms2>
Date: Mon, 16 Jan 2006 10:08:49 -0500
From: "Richard M. Smith" <rms@...puterbytesman.com>
To: <bugtraq@...urityfocus.com>
Subject: Microsoft knew about the WMF flaw for years


Hi,

Stephen Toulouse writing in a Microsoft security blog has now confirmed that
the Microsoft has known about the WMF flaw for many years:

   Looking at the WMF issue, how did it get there?
   http://blogs.technet.com/msrc/archive/2006/01/13/417431.aspx

   "The potential danger of this type of metafile record was 
   recognized and some applications (Internet Explorer, notably) 
   will not process any metafile record of type META_ESCAPE, 
   the overall type of the SetAbortProc record."

   "The reason Windows 9x is not vulnerable to a "Critical" 
   attack vector is because an additional step exists in the Win9x 
   platform: When not printing to a printer, applications will 
   simply never process the SetAbortProc record."

This blog entry raises a number of important questions about Microsoft's
policy for handling security flaws in the Windows operating system:

   1.  Given the obvious dangers with SetAbortProc records, why
       didn't Microsoft simply disable the feature in the Windows
       operating system altogether and come up alternate for 
       aborting printing of WMF files?  Why were all the inadequate 
       work-arounds in application code pursued instead?

   2.  How come word about the dangers of the WMF file
       format did not make it to the Windows NT, 2000, and XP
       development teams as well as the team responsible for
       the Picture and FAX viewer?

   3.  Given the history of problems with WMF files, why
       hasn't support for them been removed from Internet
       Explorer?  Also shouldn't WMF files be marked in
       the registry as not safe-for-downloading?  

Richard M. Smith
http://www.ComputerBytesMan.com




 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ