justsomebodynew

@direcpc.com


from: antdude

reply to redxii
Re: Windows MetaFiles still vulnerable

Some people just do not get it.

This is not a bug in Windows. This WMF feature being exploited is included in all versions of Windows. It is a design decision by Microsoft that allows WMF files to execute arbitrary code.

See F-Secure's latest blog entry at
www.f-secure.com/weblog/

Sure, right now some of the WMF exploit code only targets certain versions of Windows, but the underlying flaw still exists and code can be written to target any version of Windows the attackers choose. Right now it appears as if the older versions like Windows 98 are not being targeted by the payloads included in the WMF exploits in the wild, but it would be trivial for them to design an attack that would target the same flaw in older Windows versions.

So until Microsoft rewrites the code in Windows and changes the way Windows is designed to handle WMF files, all computers running Windows are at risk.

Even computers using the Ilfak Guilfanov patch may still be at risk if there are more exploitable functions in Windows Metafile handling other than the SetAbort escape sequence that has been fixed. It is unknown at this time what other exploitable functions exist deep in the Windows designed handling of Windows Meta Files. Hopefully no other flaws exist, but without access to the Windows source code it could not be confirmed.

So sure, use the patch, as it is the best option right now, but do not feel, just because all current exploits appear to be solved, that there are not others out there that can be dangerous. So until Microsoft comes clean and fixes the problems with Windows Meta files handling, I would consider any access to them a risk.

inTulsa
Premium
join:2002-02-24

said by justsomebodynew:

Some people just do not get it.

This is not a bug in Windows. This WMF feature being exploited is included in all versions of Windows. It is a design decision by Microsoft that allows WMF files to execute arbitrary code.

Nope. The SETABORTPROC was designed and intended for 16-Bit Windows. It's a deprecated piece of garbage that isn't supposed to be used any longer. But now we know it's still there, even Win 2003, in all of its former glory.

said by »msdn.microsoft.com/library/defau···0d6b.asp:

The following printer escapes are obsolete. They are provided only for compatibility with 16-bit versions of Windows.

That's the section where you'll find the SETABORTPROC vector.

If the "design decision" by Microsoft was to keep 16-bit security issues compatible in all its current and future versions, then we are indeed doomed. I prefer to think it might be a "mistaken oversight" instead of a "design decision".
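
A defender's check for the vector discussed in this thread, added here as an example and not code from any poster or from Microsoft: it walks a WMF file's records and reports every printer-escape record that selects SETABORTPROC. The record constants are taken from Microsoft's published WMF format; the function names and the sample bytes are constructed for illustration.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7  # magic of the optional 22-byte placeable header
META_ESCAPE = 0x0626        # WMF record function: printer escape
SETABORTPROC = 0x0009       # the obsolete escape named in the thread
META_EOF = 0x0000           # terminating record

def find_setabortproc(data):
    """Return byte offsets of META_ESCAPE records that select SETABORTPROC.
    Raises ValueError on malformed input; callers should reject such files too."""
    pos = 22 if data[:4] == struct.pack("<I", PLACEABLE_KEY) else 0
    if len(data) < pos + 18:
        raise ValueError("truncated META_HEADER")
    mtype, header_words = struct.unpack_from("<HH", data, pos)
    if mtype not in (1, 2) or header_words != 9:
        raise ValueError("not a WMF META_HEADER")
    pos += 18
    hits = []
    while pos + 6 <= len(data):
        size_words, function = struct.unpack_from("<IH", data, pos)
        # Read the escape selector before trusting the declared size, so a
        # record with a bogus length is still reported.
        if function == META_ESCAPE and pos + 8 <= len(data):
            if struct.unpack_from("<H", data, pos + 6)[0] == SETABORTPROC:
                hits.append(pos)
        if size_words < 3 or pos + size_words * 2 > len(data):
            if hits:
                return hits
            raise ValueError(f"bad record size at offset {pos}")
        if function == META_EOF:
            break
        pos += size_words * 2
    return hits

def record(function, params=b""):
    """Build one WMF record for the samples (size is counted in 16-bit words)."""
    return struct.pack("<IH", (6 + len(params)) // 2, function) + params

# Constructed samples: header and record framing only, no executable content.
HEADER = struct.pack("<HHHIHIH", 1, 9, 0x0300, 0, 0, 0, 0)
SETBKCOLOR = record(0x0201, struct.pack("<I", 0))  # ordinary drawing record
BENIGN = HEADER + SETBKCOLOR + record(META_EOF)
FLAGGED = (HEADER + SETBKCOLOR
           + record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 0))
           + record(META_EOF))
```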