Date: Thu Dec 29 18:02:34 2005
From: snowhare at nihongo.org (Benjamin Franz)
Subject: test this

On Thu, 29 Dec 2005, Peter Ferrie wrote:

> Perhaps you should read about it on Microsoft's site. It's not a buffer 
> overflow.  WMF files since at least Windows 3.0 days have been allowed 
> to carry executable code in the form of their own SetAbortProc handler. 
> This is perfectly legitimate, though the design is a poor one.  The only 
> thing that has changed is the code that is being executed.
>
> 8^) p.

So, in essence, Broken As Designed.

Mix in a generous helping of 'type sniffing' by MS so that you can name 
WMF files .gif or .jpg or some other random suffix and you have one hell 
of a problem that can only really be completely fixed by MS releasing a 
patch to kill execution of embedded executable code in WMF files.

Just lovely. :(

-- 
Benjamin Franz

The designer of a new kind of system must participate fully in the implementation.

                                                          - Donald E. Knuth
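
The message above notes that a WMF file can be renamed to .gif or .jpg and still be handled as WMF, so a filter has to decide by content too. The following is an added example, not part of the original post: a Python check that recognizes WMF data by its header whatever the file name and reports Escape records that select SETABORTPROC. The record constants follow Microsoft's published WMF record layout; the function names, verdict strings and sample bytes are constructed for illustration, and the sample escape record carries no payload.

```python
import struct

PLACEABLE_MAGIC = b"\xd7\xcd\xc6\x9a"  # optional 22-byte placeable header
META_ESCAPE = 0x0626                   # WMF record function: Escape
SETABORTPROC = 0x0009                  # escape function carried in that record

def scan_wmf(data):
    """None if data is not WMF, else offsets of SETABORTPROC escape records."""
    off = 22 if data[:4] == PLACEABLE_MAGIC else 0
    if len(data) < off + 18:
        return None
    ftype, hdr_words, version = struct.unpack_from("<HHH", data, off)
    if ftype not in (1, 2) or hdr_words != 9 or version not in (0x0100, 0x0300):
        return None
    hits, pos = [], off + 18
    while pos + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, pos)
        if size_words < 3 or func == 0:    # malformed record or META_EOF
            break
        if func == META_ESCAPE and pos + 8 <= len(data):
            if struct.unpack_from("<H", data, pos + 6)[0] == SETABORTPROC:
                hits.append(pos)
        pos += size_words * 2
    return hits

def triage(filename, data):
    """Verdict from content; the suffix only tells us if the name is honest."""
    hits = scan_wmf(data)
    if hits is None:
        return "not-wmf"
    disguised = not filename.lower().endswith(".wmf")
    if hits:
        return "block: SETABORTPROC escape" + (" in disguised WMF" if disguised else "")
    return "review: WMF content under non-WMF name" if disguised else "ok: plain WMF"

# Constructed sample inputs (hypothetical helpers; the escape payload is empty).
def _record(func, params=b""):
    return struct.pack("<IH", 3 + len(params) // 2, func) + params

def _wmf(records):
    body = b"".join(records) + _record(0)
    return struct.pack("<HHHIHIH", 1, 9, 0x0300, 9 + len(body) // 2, 0, 5, 0) + body

FLAGGED = _wmf([_record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 0))])
CLEAN = _wmf([_record(0x0103, struct.pack("<H", 8))])  # META_SETMAPMODE
NOT_WMF = b"GIF89a" + bytes(20)

if __name__ == "__main__":
    for name, blob in (("holiday.jpg", FLAGGED), ("chart.wmf", CLEAN),
                       ("pic.gif", CLEAN), ("pic.gif", NOT_WMF)):
        print(name, "->", triage(name, blob))
```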
