Message-ID: <43FB1967D03EC7449A77FA91322E3648144077@SVL1XCHCLUPIN02.enterprise.veritas.com>
Date: Sun Jan 15 22:22:17 2006
From: pferrie at symantec.com (Peter Ferrie)
Subject: Steve Gibson smokes crack?

>> The file must not begin with the placeable (aka Aldus) meta file
>> header.  If it does begin with that, then the function is ignored,
>> and Windows continues to parse the file.
>> This is why Windows 9x, NT, and 2000, do not execute anything from
>> within Internet Explorer, for example - they do not support WMF
>> files without the Aldus header.
>
>Ahh, perfect!  Thanks Peter that clears up a lot for me.  In fact does
>this also infer that all you need is a "crapped" up pluggable viewer
>for IE on Windows 9x, etc. to exploit this flaw on one of those O/Ss?
 
Yes, that's all you need.  The functionality is all there, there's
just no default method to trigger it.

>Does this further indicate that Office 98 and other M$ Office versions
>that run on the earlier O/Ss and support the WMF mapping are
>'vulnerable' to exploitation - still?

That one remains unclear, since it depends on how the device context
is created for displaying the file.  Office might treat embedded WMF
files as though they are placeable, in which case it's not vulnerable.
I haven't had time yet to investigate.
 
8^) p.
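
The header distinction discussed in this message, as an added triage example that is not part of the original post: it reports whether a WMF file begins with the placeable (Aldus) header or directly with the standard metafile header, the latter being the case the message says is not ignored. The function names and sample bytes are constructed for illustration; the field layout follows the published WMF format.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7  # magic value that opens the placeable (Aldus) header
PLACEABLE_LEN = 22          # key, hmf, bbox (4 x int16), inch, reserved, checksum
META_HEADER_LEN = 18        # standard header: follows the placeable one or starts the file


def placeable_checksum_ok(hdr: bytes) -> bool:
    """The checksum is the XOR of the first ten 16-bit words of the header."""
    words = struct.unpack("<11H", hdr[:PLACEABLE_LEN])
    x = 0
    for w in words[:10]:
        x ^= w
    return x == words[10]


def looks_like_meta_header(buf: bytes) -> bool:
    """Type 1 or 2, header size of 9 words, version 0x0100 or 0x0300."""
    if len(buf) < META_HEADER_LEN:
        return False
    ftype, hdr_words, version = struct.unpack_from("<HHH", buf, 0)
    return ftype in (1, 2) and hdr_words == 9 and version in (0x0100, 0x0300)


def classify_wmf(data: bytes) -> str:
    """Return 'placeable', 'placeable-bad-checksum', 'standard' or 'not-wmf'."""
    if len(data) >= PLACEABLE_LEN and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        if not looks_like_meta_header(data[PLACEABLE_LEN:]):
            return "not-wmf"
        return "placeable" if placeable_checksum_ok(data) else "placeable-bad-checksum"
    return "standard" if looks_like_meta_header(data) else "not-wmf"


def build_samples() -> dict:
    """Constructed inputs: the same empty metafile without and with the header."""
    meta = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0)  # META_HEADER
    meta += struct.pack("<IH", 3, 0)                            # META_EOF record
    head = struct.pack("<IH4hHI", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0)
    x = 0
    for (w,) in struct.iter_unpack("<H", head):
        x ^= w
    return {"standard": meta, "placeable": head + struct.pack("<H", x) + meta}


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(name, "->", classify_wmf(blob))
```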
 
