In the wise words of Austin Murkland, on Friday 13 January 2006 20:30:

> Can anyone else verify Steve Gibson's assertion that this flaw was
> intentionally placed by Microsoft programmers?
>
> http://www.grc.com/sn/SN-022.htm

From http://blogs.technet.com/msrc/archive/2006/01/13/417431.aspx:

"Now, there's been some speculation that you can only trigger this by using an incorrect size in your metafile record and that this trigger was somehow intentional. That speculation is wrong on both counts. The vulnerability can be triggered with correct or incorrect size values. If you are seeing that you can only trigger it with an incorrect value, it's probably because your SetAbortProc record is the last record in the metafile. The way this functionality works is by registering the callback to be called after the next metafile record is played. If the SetAbortProc record is the last record in the metafile, it will be more difficult to trigger the vulnerability."

No, thus.

HTH,
Lionel

P.S.: cross-posting is bad

--
"To understand how progress failed to make our lives easier, please press 3"

Lionel Ferette
BELNET CERT Coordinator
Tel: +32 2 7903385
http://cert.belnet.be/
Fax: +32 2 7903375
PGP Key Id: 0x5662FD4B
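The MSRC explanation quoted in the reply above (the SetAbortProc callback only fires once a further metafile record is played) turned into a small triage scanner, as an added example that is not part of the original post or of Microsoft's text: it walks a WMF record list, flags every META_ESCAPE record whose escape code is SETABORTPROC, and reports whether any record other than the end-of-file marker follows it. The function numbers and header layout follow the public WMF record format; build_sample is a constructed fixture with a zero-filled escape body, not a real-world file.

```python
import struct
META_ESCAPE = 0x0626          # WMF record function: Escape
META_EOF = 0x0000             # WMF record function: end of metafile
ESC_SETABORTPROC = 0x0009     # Escape sub-function that registers the abort callback
PLACEABLE_MAGIC = 0x9AC6CDD7  # magic of the optional 22-byte placeable header

def scan_wmf(data: bytes):
    """Walk the record list; return (index, size_words, function, escape_code) per record."""
    off = 22 if data[:4] == struct.pack("<I", PLACEABLE_MAGIC) else 0
    # Standard 18-byte header: mtType, mtHeaderSize (must be 9 words), mtVersion, mtSize, ...
    if len(data) < off + 18 or struct.unpack_from("<H", data, off + 2)[0] != 9:
        raise ValueError("unexpected WMF header")
    off += 18
    records = []
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        esc = None
        if func == META_ESCAPE and off + 8 <= len(data):
            esc = struct.unpack_from("<H", data, off + 6)[0]  # first parameter is the escape code
        records.append((len(records), size_words, func, esc))
        if func == META_EOF or size_words < 3:  # EOF, or a size too small to advance the walk
            break
        off += size_words * 2
    return records

def find_setabortproc(data: bytes):
    """Flag every SetAbortProc escape and whether another record is played after it."""
    findings = []
    recs = scan_wmf(data)
    for idx, size_words, func, esc in recs:
        if func == META_ESCAPE and esc == ESC_SETABORTPROC:
            followed = any(f != META_EOF for _, _, f, _ in recs[idx + 1:])
            # size_words is only context: per the quoted MSRC text, the size value is not what decides it
            findings.append({"index": idx, "followed_by_record": followed, "size_words": size_words})
    return findings

def _rec(func, *params):
    body = struct.pack("<%dH" % len(params), *params) if params else b""
    return struct.pack("<IH", (6 + len(body)) // 2, func) + body

def build_sample(followed=True):
    """Constructed fixture, not a real file: a zero-filled SetAbortProc escape, optionally followed by a record."""
    recs = [_rec(0x0103, 8),                               # META_SETMAPMODE
            _rec(META_ESCAPE, ESC_SETABORTPROC, 4, 0, 0)]  # escape code, byte count, 4 zero bytes
    if followed:
        recs.append(_rec(0x0103, 1))                       # a further record, so the callback would be reached
    recs.append(_rec(META_EOF))
    hdr = struct.pack("<HHHIHIH", 1, 9, 0x0300, (18 + sum(map(len, recs))) // 2, 0, max(len(r) // 2 for r in recs), 0)
    return hdr + b"".join(recs)
```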
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/