[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: RE[Full-disclosure] WMF Risk Analysis for Win9X anyone ?

To: "Peter Ferrie" <pferrie@xxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: RE: RE[Full-disclosure] WMF Risk Analysis for Win9X anyone ?
From: "Todd Towles" <toddtowles@xxxxxxxxxxxxxxx>
Date: Fri, 6 Jan 2006 13:53:52 -0600

 
> The same as for Windows NT and 2000 - files without the 
> placeable header will not display automatically in 
> applications such as Internet Explorer, and files with the 
> placeable header are not allowed to call the vulnerable function.
> However, applications other than Internet Explorer, which do 
> recognise files without the placeable header, can call 
> directly into the GDI!PlayMetaFile() function, which will 
> eventually call into the vulnerable function.

ESET did provide a WMF patch as well. As far as I can remember this did
work for Windows 98 and ME. But they have since removed the patch.
Anyone got a copy laying around for out Win9x users? Lol

-Todd

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] FW: myspace - add hundreds of friends instantly and automatically with this awesome tool
Next by Date: Re: [Full-disclosure] FW: myspace - add hundreds of friends instantly and automatically with this awesome tool
Previous by thread: RE: [Full-disclosure] FW: myspace - add hundreds of friends instantly and automatically with this awesome tool
Next by thread: [Full-disclosure] SimpBook "message" Remote Cross-Site Scripting Vulnerability
Index(es):
- Date
- Thread