Re: Interview: Ilfak Guilfanov

[rms () computerbytesman com]

Thanks.  Looks like I need to do some research starting with the HDM
tutorial.

With some of my experiments, I was also seeing some .WMF files which IE
would always display itself and not pass along to the picture/fax viewer.

Richard


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> rms () computerbytesman com wrote:
> > Good interview, but I'm still left wondering why Internet Explorer won't
> > execute malicuous code when it directly displays a booby-trapped .WMF
> > file
> > as opposed to the Windows picture/FAX viewer which will execute the
> > malicous code.  Since both programs presumably use gdi32.dll to display
> > a
> > .WMF file, why is there be a difference in behavour?
> >
> > Richard
>
> HDM's tutorial would appear to explain this.  IE is only capable of
> displaying WMFs with certain optional headers preceding their content.
> These same optional headers take the WMF *out of the context* where
> escapes can be used.  This disables, among other things (and there's a
> basketful of "other things") SETABORT.  At least, that's how I
> understand it.
>
> - --
> "Social Darwinism: Try to make something idiot-proof,
> nature will provide you with a better idiot."
>
>                                 -- Michael Holstein
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (MingW32)
>
> iD8DBQFDvd2Vfp4vUrVETTgRA4FAAJ9ctVsSxzW0T28xWMX63MLf4MIsngCeIpWP
> MdvxAGJjNThjP9NEzYBh9jg=
> =Y9S9
> -----END PGP SIGNATURE-----
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.