funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re[4]: Ilfak's WMF patch

From: Ilfak Guilfanov <ig () datarescue be>
Date: Mon, 2 Jan 2006 14:28:03 +0100

Monday, January 2, 2006, 1:49:58 PM, you wrote:

LS> Have you considered whether Windows EMF files, the 32-bit metafile version,
LS> might also be vulnerable? I suspect if they were we would have heard by now,
LS> but there are so many similarities in the formats
LS> (http://wvware.sourceforge.net/caolan/ora-wmf.html)

It is very unlikely that EMF files are vulnerable (at least not in the
the same way as WMF files). While EMF and WMF serve the same purpose,
their designs are completely different: the file header, record types,
and the functionality apparently have been redesigned from the
scratch.

OTOH, EMF is still a sequence of instructions to GDI. If there is a
problem with a GDI function, it can be exploited by a special EMF
file but I personally doubt there is any.

--
Best regards,
 Ilfak                            mailto:ig () datarescue be

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: