Re: WMF gunshy

From: Jim Gribbin <jim@jimgribbin.com>
Date: Thu Jan 05 2006 - 01:44:55 AKST

I read something about it being something to abort printing originally.
Maybe some sort of early copy/print protection?!? I got the impression
it was something that could be put in the graphic file to abort
printing.

I also saw something about legacy code from Windows 3.0 (or somesuch). I
thought they got rid of all that.

Damm. It feel good to be away from the office and off windoze!!!!

Jim Gribbin

On Thu, 2006-01-05 at 00:33 -0800, Mac Mason wrote:
> On Wed, Jan 04, 2006 at 07:34:55PM -0900, Jim Gribbin wrote:
> > From what I've read, actually displaying the image isn't necessary. I
> > understand that if you're using Google Desktop and it just indexes the
> > file - you've been had or if you use Windows Explorer to look at the
> > directory it's in - likewise had.
> Basically, the problem is that Windows Meta Files (.wmfs) have the
> ability to run some code if an error occurs; this is a feature, albeit a
> bloody stupid one.
>
> If you convince windows to try to render a malicious .wmf (say, one that
> errors on purpose, then does something fun), you can nail somebody.
>
> The _really_ fun part is that if I put a .wmf on a website, but call it
> a .jpg, windows still figures out what I "meant" and calls the wmf
> renderer on it.
>
> This is why getting anywhere near the image is bad for you: anything
> that calls the wmf-rendering DLL is vulnerable.
>
> Which is also why it's so hard to patch; they have to find a way to make
> a "feature" go away without breaking things.
>
> --Mac
>

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Thu Jan 5 01:45:52 2006

This archive was generated by hypermail 2.1.8 : Thu Jan 05 2006 - 01:45:52 AKST