| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun Jan 15 22:22:17 2006 From: pferrie at symantec.com (Peter Ferrie) Subject: Steve Gibson smokes crack? >> The file must not begin with the placeable (aka Aldus) meta file >> header. If it does begin with that, then the function is ignored, >> and Windows continues to parse the file. >> This is why Windows 9x, NT, and 2000, do not execute anything from >> within Internet Explorer, for example - they do not support WMF >> files without the Aldus header. > >Ahh, perfect! Thanks Peter that clears up a lot for me. In fact does >this also infer that all you need is a "crapped" up pluggable viewer >for IE on Windows 9x, etc. to exploit this flaw on one of those O/Ss? Yes, that's all you need. The functionality is all there, there's just no default method to trigger it. >Does this further indicate that Office 98 and other M$ Office versions >that run on the ealier O/Ss and support the WMF mapping are >'vulnerable' to exploitation - still ? That one remains unclear, since it depends on how the device context is created for displaying the file. Office might treat embedded WMF files as though they are placeable, in which case it's not vulnerable. I haven't had time yet to investigate. 8^) p.
Powered by blists - more mailing lists