Slashdot Mirror


Microsoft Responds to WMF Vulnerability

beuges writes "In an entry on the Microsoft Security Response Center Blog, Stephen Toulouse explains exactly how the WMF flaw could be triggered. BetaNews has an overview of the company's response." From the BetaNews article: "This code exists on every version of Windows since version 3.0, security firms have said. When this functionality was introduced, Toulouse said the security landscape differed from what it is now and metafile records were completely trusted by the operating system. Gibson claimed that the flaw could be exploited only by using a byte size of 1 in the metafile record, which Toulouse says is incorrect. He surmised that Gibson's tests had the offending function as the last entry in the metafile, which caused only incorrect sizes to trigger the flaw." We've previously reported on the backdoor claim.

2 of 221 comments

  1. Re:Every version since 3.0? by CowboyBob500 · Score: 1, Troll

    Apple did it with OSX and the "Classic" environment - why can't Microsoft?

    I suspect that it's because Windows is such a mass of spaghetti code that they simply just don't know how to anymore.

    Bob

  2. Re:Every version since 3.0? by Richard_at_work · Score: 1, Troll

    The OpenBSD security audit only pertains to stuff in the base system, which misses a huge chunk of functionality.

    On the other hand, if this bug features in WINE, why wasn't it flagged as a potential issue when the developer implemented the feature? Surely it should have been as blatant as anything at that point, and shouldn't have ever made it to this point.