Re: Windows MetaFiles still vulnerable - dslreports.com

republican-creole			Search:
	login · register

	All Forums		Hot Topics		Gallery

how-to block ads

Forums » Up and Running » Security » Security » Windows MetaFiles still vulnerable


Search Topic:	Share Topic:	RSS topic:	toggle: flat / full normal / watch	Posting:

Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal

Outpost not blocking traffic on Windows shutdown »
« JaimeSmile Trojan

Author

All Replies

inTulsa
Premium
join:2002-02-24

reply to justsomebodynew
Re: Windows MetaFiles still vulnerable

said by justsomebodynew :

Some people just do not get it.

This is not a bug in windows. This WMF feature being exploited is included in all versions of Windows. It is a design decision by Microsoft that allows WMF files to execute arbitrary code.

Nope. The SETABORTPROC was designed and intended for 16-Bit Windows. It's a deprecated piece of garbage that isn't supposed to be used any longer. But now we know it's still there, even Win 2003, in all of its former glory.

said by »msdn.microsoft.com/library/defau···0d6b.asp :
The following printer escapes are obsolete. They are provided only for compatibility with 16-bit versions of Windows.

That's the section where you'll find the SETABORTPROC vector.

If the "design decision" by Microsoft was to keep 16-bit security issues compatible in all its current and future versions, then we are indeed doomed. I prefer to think it might be a "mistaken oversight" instead of a "design decision".

to forum · permalink ·

· 2006-01-02 00:31:09 · (locked)

Thread is

Topic: Follow · Sitemark · Mark Unread

Forums » Up and Running » Security » Security	Outpost not blocking traffic on Windows shutdown » « JaimeSmile Trojan


Saturday, 28-Nov 06:14:41	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. republican-creole page compression OFF

Most commented news this week
· [121] Time Warner Cable Fires Broadside At Broadcasters
· [112] New AT&T Ad Campaign Hits Back At Verizon
· [96] Apple Joins AT&T Verizon Snark Fest
· [87] New Bill Takes Aim At Higher Verizon ETFs
· [71] TiVo Sees Record Customer Losses
· [69] In-Flight Internet Headed For Bumpy Landing?
· [66] Verizon CEO: Hulu Will Be Dead Soon
· [62] Thanksgiving Open Thread
· [50] Weekend Open Thread
· [40] EFF Wages War On Fine Print

Most people now reading
· Windows 7 boot manager editing questions [Microsoft Help]
· DIR-655 New Beta 1.32b09 [D-Link]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· [How to] Install Asterisk on an Asus WL-520GU router [VOIP Tech Chat]
· HOW-TO: QoS and Tomato (fixes "choppy voice") [MagicJack]
· [Newsgroups] Newzleech down? [Filesharing Software]
· Backstab vs screws (not which to use) [Home Repair & Improvement]
· [WIN7] Outlook express under Windows 7? [Microsoft Help]
· Is Gear Score now the new requirement to get pug invite? [World of Warcraft]
· pfSense vs IPCop vs Zeroshell vs Monowall vs Tomato [TekSavvy]