funsec mailing list archives
Re: exploiting MS08-021
From: Florian Weimer <fweimer () bfk de>
Date: Tue, 15 Apr 2008 12:13:14 +0200
* Richard M. Smith:
Here's my new question: Can WMF images and auto-executing exploit code be embedded in Word, Excel, and PowerPoint files?
WMF used to be the presentation format for OLE objects (maybe it still is, I haven't been following Windows API evolution closely for about a decade), which can be contained in Office documents, of course. I'm sure you can't get rid of that use of WMF for backwards compatible reasons. It's also likely that it's part of OOXML in some form. However, it does surprise me that this particular area of the Windows code base is so difficult to fix. Once you plug the device escapes, it should be fairly self-contained. There might be some font-rendering issues, but exploitation of those should be driver-specific. -- Florian Weimer <fweimer () bfk de> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99 _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- exploiting MS08-021 Larry Seltzer (Apr 14)
- Re: exploiting MS08-021 Richard M. Smith (Apr 14)
- Re: exploiting MS08-021 Larry Seltzer (Apr 14)
- Re: exploiting MS08-021 Eric Sites (Apr 14)
- Re: exploiting MS08-021 Florian Weimer (Apr 15)
- Re: exploiting MS08-021 Larry Seltzer (Apr 14)
- <Possible follow-ups>
- Re: exploiting MS08-021 Larry Seltzer (Apr 14)
- Re: exploiting MS08-021 Paul Ferguson (Apr 14)
- Re: exploiting MS08-021 RandallMan (Apr 14)
- Re: exploiting MS08-021 Richard M. Smith (Apr 14)