RE: Re[2]: [Full-disclosure] test this
- To: Peter Ferrie <pferrie@xxxxxxxxxxxx>
- Subject: RE: Re[2]: [Full-disclosure] test this
- From: Benjamin Franz <snowhare@xxxxxxxxxxx>
- Date: Thu, 29 Dec 2005 10:02:23 -0800 (PST)
On Thu, 29 Dec 2005, Peter Ferrie wrote:
> Perhaps you should read about it on Microsoft's site. It's not a buffer
> overflow. WMF files since at least Windows 3.0 days have been allowed
> to carry executable code in the form of their own SetAbortProc handler.
> This is perfectly legitimate, though the design is a poor one. The only
> thing that has changed is the code that is being executed.
> 8^) p.
So, in essence, Broken As Designed.
Mix in a generous helping of 'type sniffing' by MS so that you can name
WMF files .gif or .jpg or some other random suffix and you have one hell
of a problem that can only really be completely fixed by MS releasing a
patch to kill execution of embedded executable code in WMF files.
Just lovely. :(
--
Benjamin Franz
The designer of a new kind of system must participate fully in the
implementation.
- Donald E. Knuth
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
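
An added illustration, not part of either poster's message: a scanner that decides whether a byte string is a WMF from its content rather than its file name (the suffix proves nothing once type sniffing is involved) and reports any Escape record that selects SetAbortProc. The record and escape constants come from the published WMF format; the function names and the sample bytes are constructed for this example.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7   # optional 22-byte placeable header magic
META_ESCAPE = 0x0626         # record function: Escape
SETABORTPROC = 0x0009        # escape function discussed in the thread

def find_setabortproc(data: bytes) -> list[int]:
    """Return file offsets of META_ESCAPE records selecting SETABORTPROC.

    Raises ValueError when the bytes are not a WMF. The file name is never
    consulted, so a .gif or .jpg suffix does not hide the metafile.
    """
    pos = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        pos = 22
    if len(data) < pos + 18:
        raise ValueError("too short for a WMF header")
    ftype, hdr_words, version = struct.unpack_from("<HHH", data, pos)
    if ftype not in (1, 2) or hdr_words != 9 or version not in (0x0100, 0x0300):
        raise ValueError("not a WMF header")
    pos += hdr_words * 2
    hits = []
    while pos + 6 <= len(data):
        # Each record: size in 16-bit words (DWORD), then function (WORD).
        size_words, func = struct.unpack_from("<IH", data, pos)
        if size_words < 3:      # malformed size: stop instead of looping
            break
        if func == META_ESCAPE and pos + 8 <= len(data):
            if struct.unpack_from("<H", data, pos + 6)[0] == SETABORTPROC:
                hits.append(pos)
        if func == 0:           # META_EOF ends the record stream
            break
        pos += size_words * 2
    return hits

def sample_wmf(with_abortproc: bool) -> bytes:
    """Constructed input: header, optional Escape record, META_EOF."""
    body = b""
    if with_abortproc:
        data = b"\x00" * 4      # inert placeholder bytes, not code
        body += struct.pack("<IHHH", (10 + len(data)) // 2,
                            META_ESCAPE, SETABORTPROC, len(data)) + data
    body += struct.pack("<IH", 3, 0)
    size_words = (18 + len(body)) // 2
    return struct.pack("<HHHIHIH", 1, 9, 0x0300, size_words, 0, 7, 0) + body
```
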