Re: [Full-disclosure] WMF round-up, updates and de-mystification

[InfoSecBOFH <infosecbofh@xxxxxxxxx>]

Sorry Dick.  Not FUD but Fact.

The patch, if you are stupid enough to trust a third party patch in
the first place, is not perfect.  So tell me again why I should share
why?  Just wait for and trust your MS patch.. come on.. .would I lie
to you?  :P

On 1/3/06, Richard M. Smith <rms@xxxxxxxxxxxxxxxxxxxx> wrote:
> Why the FUD?  Under what circumstances are you aware the patch doesn't work?
> Hoarding information isn't very helpful in a situation like this.  Are we
> talking about .5%, 5%, or 50% failure mode for the patch?  How does the
> failure mode of the patch compare to Microsoft's solution of killing the
> Microsoft Picture/FAX viewer which also has its limitations.  (Example,
> someone is using a different viewer program for .WMF files that also has the
> flaw.)
>
> Richard
>
> -----Original Message-----
> From: InfoSecBOFH [mailto:infosecbofh@xxxxxxxxx]
> Sent: Tuesday, January 03, 2006 6:35 AM
> To: Gadi Evron
> Cc: bugtraq@xxxxxxxxxxxxxxxxx; FunSec [List];
> full-disclosure@xxxxxxxxxxxxxxxxx
> Subject: Re: [Full-disclosure] WMF round-up, updates and de-mystification
>
> So this patch is trusted because you said so?
>
> I have tested and confirmed that this patch only works in specific
> scnenarios and does not mitigate the entire issue.  Variations still work.
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/