Slashdot Mirror

← Back to Stories (view on slashdot.org)

Two New WMF Bugs Found

Posted by Zonk on from the patch-patch-patch-senora dept.

Resident Egoist writes "Via PCWorld the news that two new Metafile bugs have been found, just a week after the patching of previous critical WMF issues." From the article: "All three flaws concern the way Windows renders images in the Windows Metafile (WMF) format used by some CAD (computer-aided design) applications, but these latest flaws are far less serious than the vulnerability that Microsoft patched last week, according to security experts. That vulnerability was serious enough to cause Microsoft to take the unusual step of releasing an early patch for the problem, ahead of its monthly security software update."

5 of 127 comments (clear)

  1. Re:It makes you wonder... by mpeg4codec · · Score: 5, Informative

    Typically it's unusual to see ``just a crash.'' Most programmes written in C and C++ crash due to buffer overflows, which frequently lead to running unsigned code. As a general rule, if a C or C++ code crashes, it is a fairly likely possibility to be able to run arbitrary code. Just because nobody's done it yet doesn't mean that it's not possible.

  2. Microsoft Security Resource Center (MSRC) Blog by this+great+guy · · Score: 4, Informative

    More info in this Microsoft Security Resource Center (MSRC) blog post.

  3. Uhh, WMF is used by more than just CAD programs... by Caspian · · Score: 4, Informative

    This quote is severely misleading, to the point where it makes me wonder if they are trying to purposely understate the scope of the problem.

    MS Office reads WMF files. Some of the clip art available from office.microsoft.com comes in WMF format. I don't use ANY CAD programs at all, and I have dozens of WMF files on my Windows machine's hard drive (I just checked. It's Word clip art.)

    It seems like they're simply trying to get people to say "Well, ah don't know what that CAD thang is, so ah guess it dun' affect me none."
    --
    With spending like this, exactly what are "conservatives" conserving?
  4. Re:It makes you wonder... by myrdred · · Score: 5, Informative

    It really depends on the type of crash, and I'm not it's safe to jump to your conclusion so eagerly. In fact, many crashes in C programs CANNOT lead to execution of arbirtrary code, such as division by zero errors and trying to access memory with a NULL pointer.

  5. Compatibility vs. security by Max+Nugget · · Score: 4, Informative

    Part of the problem is that MS is reluctant to phase out obsolete technologies.

    Take WMF files for example. Obviously nobody making new software today, would incorporate WMF technology. It's obsolete and unpopular. The only people who use WMF tech today are those who are using software that was designed to make use of that format. And therein lies the problem. At some point in time, software programs were created that used WMF technology. MS could come out and say "WMF is obsolete, and rather than take the risk of continuing to include a software component that may compromise security, we're going to completely remove support for it in future versions of Windows, since barely anybody uses it anyway." If MS were to say that with enough legacy technologies, people would get mad at them. If you're using or writing software for some new technology, you AT LEAST want to take solace in knowing that, even if it's unpopular and discontinued, it will at least remain USABLE on future systems.

    So I can sort of understand MS's pickle from that point of view. It's sort of like users complaining that some security hole in Windows 3.1 has, in 2005, still not been patched. And on the other hand, a whole wave of users would potentially be up in arms if MS decided to, in the name of security, remove support for running old 16-bit Windows 3.1 programs in Windows XP.

    And incidentally, I have a box of clip art CDs in WMF format.

    The same people on this forum who would criticize MS for not patching AND not removing WMF support, probably wish that Windows XP had better support for the old early-mid 90's DOS games. And yet it might be a completely impractical task (not to mention an expensive one given the limited appeal of the feature) to eliminate all of the security risks posed by support for DOS (and, don't forget, back in the DOS era, a virus was more likely to format your hard drive than email your address book).

    Windows may be a feature-driven, compatibility-over-security operating system, but just because we all want security, let's not pretend we don't like features and compatibility.