RE: [Full-disclosure] WMF round-up, updates and de-mystification

["Richard M. Smith" <rms () computerbytesman com>]

Why the FUD?  Under what circumstances are you aware the patch doesn't work?
Hoarding information isn't very helpful in a situation like this.  Are we
talking about .5%, 5%, or 50% failure mode for the patch?  How does the
failure mode of the patch compare to Microsoft's solution of killing the
Microsoft Picture/FAX viewer which also has its limitations.  (Example,
someone is using a different viewer program for .WMF files that also has the
flaw.)

Richard 

-----Original Message-----
From: InfoSecBOFH [mailto:infosecbofh () gmail com] 
Sent: Tuesday, January 03, 2006 6:35 AM
To: Gadi Evron
Cc: bugtraq () securityfocus com; FunSec [List];
full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] WMF round-up, updates and de-mystification

So this patch is trusted because you said so?

I have tested and confirmed that this patch only works in specific
scnenarios and does not mitigate the entire issue.  Variations still work.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.