On Wed, Jan 04, 2006 at 07:34:55PM -0900, Jim Gribbin wrote:
> From what I've read, actually displaying the image isn't necessary. I
> understand that if you're using Google Desktop and it just indexes the
> file - you've been had or if you use Windows Explorer to look at the
> directory it's in - likewise had.
Basically, the problem is that Windows Meta Files (.wmfs) have the
ability to run some code if an error occurs; this is a feature, albeit a
bloody stupid one.
If you convince Windows to try to render a malicious .wmf (say, one that
errors on purpose, then does something fun), you can nail somebody.
The _really_ fun part is that if I put a .wmf on a website, but call it
a .jpg, Windows still figures out what I "meant" and calls the wmf
renderer on it.
This is why getting anywhere near the image is bad for you: anything
that calls the wmf-rendering DLL is vulnerable.
Which is also why it's so hard to patch; they have to find a way to make
a "feature" go away without breaking things.
--Mac
--
Julian "Mac" Mason mac@cs.hmc.edu
Computer Science '06 (310)-882-8068
Harvey Mudd College

Received on Wed Jan 4 23:33:37 2006