funsec mailing list archives
Is the WMF Exploit exploitable for HTML email?
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Wed, 28 Dec 2005 17:53:02 -0500
The attached email message was just sent via Bugtraq. Does this mean that a .WMF file can be played by giving it a .GIF extension and referencing the GIF file from an HTML <img src=> tag? If so, will this same trick work in an HTML email reader that has scripting turned off, but images are turned on?

Richard

-----Original Message-----
From: davidribyrne () yahoo com [mailto:davidribyrne () yahoo com]
Sent: Wednesday, December 28, 2005 4:52 PM
To: bugtraq () securityfocus com
Subject: WMF Exploit

I apologize if this information has already been posted; I haven't been able to read all the posts today. Many of the exploit descriptions that I've seen reference .WMF files. Like prior GDI exploits, this isn't strictly true. If the exploit file is named with another graphics extension (i.e. .gif, .jpg, .png, .tif), the GDI library will still read it correctly as a WMF file and execute the exploit. As a result, all common graphics files can carry the exploit.

David Byrne

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
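
The forwarded post says the file name does not decide how the image is parsed, so a mail filter that trusts the extension or declared type will miss a renamed metafile. The following is an added example, not code from either poster: it walks a message's MIME image parts and flags any whose bytes begin with a Windows Metafile header while declared as something else. The sample message and byte strings are constructed, the function names are hypothetical, and images fetched remotely through an <img src=> URL are outside what it checks.

```python
import struct
from email.message import EmailMessage

PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"  # 0x9AC6CDD7, optional 22-byte "placeable" prefix

def looks_like_wmf(data: bytes) -> bool:
    """Identify a Windows Metafile by its header, ignoring any file name."""
    if data[:4] == PLACEABLE_KEY:
        data = data[22:]             # skip the placeable header
    if len(data) < 18:               # the standard metafile header is 18 bytes
        return False
    ftype, header_words, version = struct.unpack_from("<HHH", data)
    # type 1 = memory, 2 = disk; header size is 9 words; version 1.0 or 3.0
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def disguised_wmf_parts(msg):
    """Return (filename, declared type) for image parts that are really WMF."""
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "image":
            continue
        body = part.get_payload(decode=True) or b""
        declared = part.get_content_type()
        if looks_like_wmf(body) and declared not in ("image/wmf", "image/x-wmf"):
            hits.append((part.get_filename(), declared))
    return hits

# Constructed sample data: a header-only metafile followed by an end-of-file
# record (no drawing records), and a GIF signature padded with zero bytes.
SAMPLE_WMF = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0) + struct.pack("<IH", 3, 0)
SAMPLE_GIF = b"GIF89a" + bytes(20)

def build_sample_message():
    """Constructed message: one metafile labelled as GIF, one genuine GIF header."""
    msg = EmailMessage()
    msg["Subject"] = "constructed test message"
    msg.set_content("see attached")
    msg.add_attachment(SAMPLE_WMF, maintype="image", subtype="gif", filename="photo.gif")
    msg.add_attachment(SAMPLE_GIF, maintype="image", subtype="gif", filename="real.gif")
    return msg

if __name__ == "__main__":
    print(disguised_wmf_parts(build_sample_message()))
```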