funsec mailing list archives
Re: WMF Vulnerable Systems
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>
Date: Mon, 02 Jan 2006 20:09:51 -0800
From: "Larry Seltzer" <larry () larryseltzer com> Date sent: Mon, 2 Jan 2006 21:48:03 -0500
I just created a fresh Windows 98SE system, no updates. Of course it doesn't have Picture and Fax Viewer, but I opened a known-malicious WMF file with Paint and got this message:
I'd suspect that Paint is a bad choice. Since it has to deal with the graphics themselves, it is far less likely to rely on an external system call to render them, and, in any case, would want to read the file first to ensure that it could deal with it, before rendering it. Would have expected better with IE, but not if it wasn't associated. Have you tried viewing the file with XNView or similar viewer? ====================== (quote inserted randomly by Pegasus Mailer) rslade () vcn bc ca slade () victoria tc ca rslade () sun soci niu edu Allowing an unimportant mistake to pass without comment is a wonderful social grace. - Judith Martin http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- WMF Exploits overview draft Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jan 02)
- WMF Vulnerable Systems Larry Seltzer (Jan 02)
- RE: WMF Vulnerable Systems Larry Seltzer (Jan 02)
- RE: WMF Vulnerable Systems Richard M. Smith (Jan 02)
- RE: WMF Vulnerable Systems Larry Seltzer (Jan 02)
- RE: WMF Vulnerable Systems Larry Seltzer (Jan 02)
- RE: WMF Vulnerable Systems Larry Seltzer (Jan 02)
- RE: WMF Vulnerable Systems Larry Seltzer (Jan 02)
- WMF Vulnerable Systems Larry Seltzer (Jan 02)