[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Microsoft patches WMF... Wine is still exploitable?
- To: H D Moore <fdlist@xxxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Microsoft patches WMF... Wine is still exploitable?
- From: Marcus Meissner <meissner@xxxxxxx>
- Date: Thu, 5 Jan 2006 22:30:28 +0100
On Thu, Jan 05, 2006 at 03:15:28PM -0600, H D Moore wrote:
> ---
> wine-20050930/dlls/gdi/driver.c
> ---
You have all the wrong places, this is all valid functionality.
You want this place:
dlls/gdi/metafile.c::PlayMetaFileRecord
...
case META_ESCAPE:
Escape(hdc, mr->rdParm[0], mr->rdParm[1], (LPCSTR)&mr->rdParm[2], NULL);
break;
...
This call should use a whitelist of the valid GDI Escapes in metafiles.
Ciao, Marcus
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/