Microsoft Responds to WMF Vulnerability
beuges writes "In an entry on the Microsoft Security Response Center Blog, Stephen Toulouse explains exactly how the WMF flaw could be triggered. BetaNews has an overview of the company's response." From the BetaNews article: "This code exists on every version of Windows since version 3.0, security firms have said. When this functionality was introduced, Toulouse said the security landscape differed from what it is now and metafile records were completely trusted by the operating system. Gibson claimed that the flaw could be exploited only by using a byte size of 1 in the metafile record, which Toulouse says is incorrect. He surmised that Gibson's tests had the offending function as the last entry in the metafile, which caused only incorrect sizes to trigger the flaw." We've previously reported on the backdoor claim.
No doubt he'll come back and 'prove' this chap is a liar and continue to bang on about this for months. Gibson is a guy that seems to be able to generate a lot of traffic to his site without really being that good at what he does - all smoke really. Just look at the snake oil he peddles and judge for yourself.
But really people, this is ancient code from Windows 3.0. Cut the guys a break. It's not like other OSes don't reuse code from previous releases that are later shown to have bugs.
They released a tested patch in good time that didn't have any nasty after effects.
Apple did it with OSX and the "Classic" environment - why can't Microsoft?
I suspect that it's because Windows is such a mass of spaghetti code that they simply just don't know how to anymore.
Bob
Listen to my latest album here
The OpenBSD security audit only pertains to stuff in the base system, which misses a huge chunk of functionality.
On the other hand, if this bug features in WINE, why wasn't it flagged as a potential issue when the developer implemented the feature? Surely it should have been as blatant as anything at that point, and shouldn't have ever made it to this point.
Quote From Microsoft (entire statement here: http://blogs.technet.com/msrc/archive/2006/01/13/417431.aspx) ;-)
"potential danger of this type of metafile record was recognized and some applications (Internet Explorer, notably) will not process any metafile record of type META_ESCAPE, the overall type of the SetAbortProc record. That restriction is the reason it's not possible to exploit this vulnerability by simply referencing an image directly in HTML. IE just won't process it"
So we KNEW that wmf files COULD execute code during rendering and BUFF-UP IE and leave the "BUG/Back-Door" as is in the GDI Library?
Everyone KNEW, WINE would be ported Bug-for-Bug ("Puts his sunglasses on, suddenly seeing a Bright LIGHT in the distance from afar
**COUGH** Hey, this is around the same time "Magic Lantern" FBI lingo got started, NICE FIX Microsoft
Black Gray White Hats Unite to protect http://testing.OnlyTheRightAnswers.com
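The two conditions discussed on this page, the META_ESCAPE record carrying SetAbortProc that the quoted MSRC post names, and the "incorrect size" record from the story summary, can both be looked for by walking a metafile's record stream, which is what a mail gateway or file scanner would do. The following scanner is an added example, not code from the article, from Microsoft or from Gibson; it assumes the public WMF layout (optional 22-byte placeable header, 18-byte standard header, then records of size-in-words, function code and parameters) and the sample files it scans are constructed for this example with zero bytes in place of any escape data.

```python
"""Scan a Windows Metafile (WMF) for the record shape behind the MS06-001 flaw.

Added example: flags META_ESCAPE records whose escape function is SETABORTPROC
and records whose size field is malformed. Record layout follows the public WMF
specification; the sample files at the bottom are constructed, not real malware.
"""
import struct

PLACEABLE_KEY = 0x9AC6CDD7   # magic of the optional 22-byte placeable header
META_EOF = 0x0000
META_SETBKCOLOR = 0x0201
META_ESCAPE = 0x0626
ESC_SETABORTPROC = 0x0009
HEADER_LEN = 18              # standard WMF header is 9 words


def scan_wmf(data):
    """Return a list of findings, one dict per suspicious record.

    Each finding carries 'offset' (byte offset of the record), 'function'
    (record type), 'size_words' (the RecordSize field) and 'reason'.
    """
    findings = []
    pos = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        pos = 22                                  # skip the placeable header
    if len(data) < pos + HEADER_LEN:
        return [{"offset": pos, "function": None, "size_words": None,
                 "reason": "truncated WMF header"}]
    hdr_words = struct.unpack_from("<H", data, pos + 2)[0]
    if hdr_words != 9:
        findings.append({"offset": pos, "function": None, "size_words": hdr_words,
                         "reason": "unexpected header size"})
    pos += HEADER_LEN

    while pos + 6 <= len(data):
        size_words, function = struct.unpack_from("<IH", data, pos)
        rec_len = size_words * 2
        # A record is at least 3 words (size + function) and must fit the file;
        # anything else is the "incorrect size" condition the article describes.
        if size_words < 3 or pos + rec_len > len(data):
            findings.append({"offset": pos, "function": function,
                             "size_words": size_words,
                             "reason": "malformed record size"})
            break                                 # the stream cannot be trusted further
        if function == META_ESCAPE and size_words >= 4:
            esc_func = struct.unpack_from("<H", data, pos + 6)[0]
            if esc_func == ESC_SETABORTPROC:
                findings.append({"offset": pos, "function": function,
                                 "size_words": size_words,
                                 "reason": "META_ESCAPE SETABORTPROC record"})
        if function == META_EOF:
            break
        pos += rec_len
    return findings


def _record(function, params=b""):
    """Encode one WMF record: size in words, function code, parameters."""
    if len(params) % 2:
        params += b"\0"                           # records are word-aligned
    body = struct.pack("<H", function) + params
    return struct.pack("<I", (4 + len(body)) // 2) + body


def build_wmf(records):
    """Assemble a minimal disk metafile: standard header, records, META_EOF."""
    payload = b"".join(records) + _record(META_EOF)
    max_words = max(len(r) // 2 for r in records) if records else 3
    total_words = (HEADER_LEN + len(payload)) // 2
    header = struct.pack("<HHHIHIH", 2, 9, 0x0300, total_words, 0, max_words, 0)
    return header + payload


# Constructed samples: a benign file, a file containing the record shape the
# MSRC post names (escape data is four zero bytes), and a file whose first
# record claims a size of 1 word, smaller than its own size and function fields.
BENIGN_WMF = build_wmf([_record(META_SETBKCOLOR, struct.pack("<I", 0x00FFFFFF))])
SETABORTPROC_WMF = build_wmf([
    _record(META_SETBKCOLOR, struct.pack("<I", 0x00FFFFFF)),
    _record(META_ESCAPE, struct.pack("<HH", ESC_SETABORTPROC, 4) + b"\0" * 4),
])
BAD_SIZE_WMF = build_wmf([struct.pack("<IH", 1, META_SETBKCOLOR) + b"\0" * 4])

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_WMF), ("setabortproc", SETABORTPROC_WMF),
                         ("bad_size", BAD_SIZE_WMF)):
        print(name, scan_wmf(sample))
```

The scanner stops at the first malformed size rather than resynchronising, since once a size field is wrong every later offset is guesswork; a gateway would quarantine the file at that point. Note that it flags the record shape, not exploitability, so a SetAbortProc escape in a legitimate print-spooler metafile will also be reported and needs a policy decision downstream.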