[pmwiki-users] WMF vulnerability in Windows systems

Joachim Durchholz jo at durchholz.org
Tue Jan 3 14:28:10 CST 2006


Robin schrieb:
> On Monday 02 January 2006 17:00, Patrick R. Michaud wrote:
> 
>>There are literally millions of Windows systems vulnerable to this
>>exploit, and Microsoft has not yet provided a patch.
> 
> Apparently they are providing a hotfix for this, as the next Patch Tuesday 
> is a while away I think.

According to heise.de, Microsoft will include a patch with their regular 
update on Jan 10th.

 > In the interim, Windows users should either
> avoid using IE (preferably for good ;)

As Chris said, this doesn't protect. Anything that shows an image is 
vulnerable (unless it refuses to show WMF, but I'm not aware of any 
program that has such a policy in place).

 > or do the DLL unregistering trick
> on that SANS page.

DLL unregistering isn't a complete safeguard, either.
Download Ilfak Guilfanov's patch from 
http://isc.sans.org/diary.php?storyid=999 for the best currently known 
patch.

> Whoever thought it was a good idea to design a file format that is a 
> collection of GDI invocations allowing callbacks deserves to be slapped 
> about with a wet trout anyway.

Well, it was designed at a time when viruses lived on floppy disk boot 
sectors, and the Internet wasn't covering home computers.
The *real* problem is that capability-based security still isn't the 
norm in current-day OSes.

Regards,
Jo




More information about the pmwiki-users mailing list