funsec mailing list archives
RE: Are Office document files also an attack vector for the.WMF flaw?
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Fri, 30 Dec 2005 13:38:54 -0500
I suspect that a booby-trapped .WMF file can be embedded in Office files (Word, Excel, PowerPoint, ....) and will auto-execute when a document file is opened.

There's a line about this in Microsoft's advisory (http://www.microsoft.com/technet/security/advisory/912840.mspx):

"Windows Metafile (WMF) images can be embedded in other files such as Word documents. Am I vulnerable to an attack from this vector? No. While we are investigating the public postings which seek to utilize specially crafted WMF files through IE, we are looking thoroughly at all instances of WMF handling as part of our investigation. While we're not aware of any attempts to embed specially crafted WMF files in, for example Microsoft Word documents, our advice is to accept files only from trusted source would apply to any such attempts."

OK, starts out with an emphatic "No" and then wooses out. Any new info on this?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Current thread:
- Are Office document files also an attack vector for the .WMF flaw? Richard M. Smith (Dec 29)
- Re: Are Office document files also an attack vector for the .WMF flaw? Tom Van Vleck (Dec 29)
- RE: Are Office document files also an attack vector for the.WMF flaw? Peter Kruse (Dec 29)
- RE: Are Office document files also an attack vector for the.WMF flaw? Larry Seltzer (Dec 30)