funsec mailing list archives

Is the WMF Exploit exploitable for HTML email?


From: "Richard M. Smith" <rms () computerbytesman com>
Date: Wed, 28 Dec 2005 17:53:02 -0500

The attached email message was just sent via Bugtraq.  Does this mean that a
.WMF file can be played by giving it a .GIF extension and referencing the
GIF file from an HTML <img src=> tag?  If so, will this same trick work in
an HTML email reader that has scripting turned off, but images are turned
on?

Richard

-----Original Message-----
From: davidribyrne () yahoo com [mailto:davidribyrne () yahoo com] 
Sent: Wednesday, December 28, 2005 4:52 PM
To: bugtraq () securityfocus com
Subject: WMF Exploit

I apologize if this information has already been posted; I haven't been able
to read all the posts today. Many of the exploit descriptions that I've seen
reference .WMF files. Like prior GDI exploits, this isn't strictly true. If
the exploit file is named with another graphics extension (i.e. .gif, .jpg,
.png, .tif), the GDI library will still read it correctly as a WMF file and
execute the exploit. As a result, all common graphics files can carry the
exploit.

David Byrne
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
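
Added example, not part of either message above: one way a mail or web gateway could act on the point in the forwarded Bugtraq post, by classifying a file from its leading bytes instead of its extension. The function names and sample byte strings are constructed for illustration; the check relies only on the standard and placeable WMF header fields.

```python
import os
import struct

PLACEABLE_KEY = 0x9AC6CDD7   # key that opens a "placeable" WMF header
IMAGE_EXTS = {".gif", ".jpg", ".jpeg", ".png", ".tif", ".tiff"}


def looks_like_wmf(data: bytes) -> bool:
    """Return True if the leading bytes parse as a WMF header."""
    # Placeable metafiles start with a 22-byte header opened by the key.
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        return True
    if len(data) < 6:
        return False
    # Standard header: type (1 = memory, 2 = disk), header size in
    # 16-bit words (always 9), version (0x0100 or 0x0300).
    ftype, header_words, version = struct.unpack_from("<HHH", data)
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)


def classify(name: str, data: bytes) -> str:
    """Classify a file by content; the extension only decides the label."""
    if not looks_like_wmf(data):
        return "not-wmf"
    ext = os.path.splitext(name.lower())[1]
    if ext in IMAGE_EXTS:
        return "wmf-disguised"   # content is WMF, name claims another format
    return "wmf"


# Constructed sample inputs (headers only, no real image data).
SAMPLES = {
    "logo.gif": b"GIF89a" + b"\x00" * 16,
    "chart.wmf": struct.pack("<HHH", 1, 9, 0x0300) + b"\x00" * 12,
    "photo.jpg": struct.pack("<HHH", 2, 9, 0x0300) + b"\x00" * 12,
    "banner.png": struct.pack("<I", PLACEABLE_KEY) + b"\x00" * 18,
}


def scan(samples: dict) -> dict:
    """Map each file name to its classification."""
    return {name: classify(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name}: {verdict}")
```

A filter that keys on the `.wmf` extension would pass `photo.jpg` and `banner.png` here; the content check flags both.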

