[pmwiki-users] WMF vulnerability in Windows systems
Joachim Durchholz
jo at durchholz.org
Tue Jan 3 14:28:10 CST 2006
Robin schrieb:
> On Monday 02 January 2006 17:00, Patrick R. Michaud wrote:
>
>>There are literally millions of Windows systems vulnerable to this
>>exploit, and Microsoft has not yet provided a patch.
>
> Apparently they are providing a hotfix for this, as the next Patch Tuesday
> is a while away I think.
According to heise.de, Microsoft will include a patch with their regular
update on Jan 10th.
> In the interim, Windows users should either
> avoid using IE (preferably for good ;)
As Chris said, this doesn't protect. Anything that shows an image is
vulnerable (unless it refuses to show WMF, but I'm not aware of any
program that has such a policy in place).
> or do the DLL unregistering trick
> on that SANS page.
DLL unregistering isn't a complete safeguard, either.
Download Ilfak Guilfanov's patch from
http://isc.sans.org/diary.php?storyid=999 for the best currently known
patch.
> Whoever thought it was a good idea to design a file format that is a
> collection of GDI invocations allowing callbacks deserves to be slapped
> about with a wet trout anyway.
Well, it was designed at a time when viruses lived on floppy disk boot
sectors, and the Internet wasn't covering home computers.
The *real* problem is that capability-based security still isn't the
norm in current-day OSes.
Regards,
Jo
More information about the pmwiki-users
mailing list