WMF Exploit

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: WMF Exploit
From: davidribyrne@xxxxxxxxx
Date: 28 Dec 2005 21:52:17 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

I apologize if this information has already been posted; I haven?t been able to 
read all the posts today. Many of the exploit descriptions that I?ve seen 
reference .WMF files. Like prior GDI exploits, this isn?t strictly true. If the 
exploit file is named with another graphics extension (i.e. .gif, .jpg, .png, 
.tif), the GDI library will still read it correctly as a WMF file and execute 
the exploit. As a result, all common graphics files can carry the exploit.

David Byrne

Prev by Date: [ GLSA 200512-16 ] OpenMotif, AMD64 x86 emulation X libraries: Buffer overflows in libUil library
Next by Date: WMF Exploit
Previous by thread: [ GLSA 200512-16 ] OpenMotif, AMD64 x86 emulation X libraries: Buffer overflows in libUil library
Next by thread: WMF Exploit
Index(es):
- Date
- Thread