the corner office

a blog, by Colin Pretorius

The WMF exploit

Ken Porter at vowe.net explains the cause of the current Microsoft WMF vulnerability, and it's a doozie:

The problem exists with Microsoft Windows and the way it displays a certain type of graphics file called a WMF file. A WMF file can contain two types of data, data about the graphic itself, and data which contains a computer program. The idea behind putting a computer program in a graphic file is if Microsoft Windows encounters a problem displaying a particular graphic, it can run the computer program in the file to figure out how to handle the error condition.

...it has now become a problem because some people have discovered they can use these WMF files to install virus code on a Windows machine. What they do is create a WMF file with an intentional error in the graphic part of the file, and then write a computer program in the second part of the WMF file which installs a computer virus of their choice.

In other words, what started out as an attempt to be user-friendly, ended up being very user-unfriendly.

What's more, as Julian Robichaux points out:

I also noticed that some of the advisories mentioned that even if a WMF file has another image extension (like .JPG), it can still cause problems because the graphics rendering programs can auto-detect that it's really a WMF file.

More user-friendliness. Gnome's Nautilus, I've noticed, won't allow you to double-click-open certain media files if it notices that the file extension and the underlying format differ. Instead, it warns you and forces you to explicitly choose an application to open the file with. I'm not sure how all-encompassing or bullet-proof it is, but in the past I considered it a nuisance - not anymore.
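The kind of extension-versus-content check described above can be written in a few lines. This is an added example, not code from Nautilus or from the posts quoted here; the function names, the extension table and the sample bytes are assumptions made for illustration.

```python
import os
import struct

# Leading-byte signatures for a few common image formats.
SIGNATURES = [
    ("jpeg", b"\xff\xd8\xff"),
    ("png", b"\x89PNG\r\n\x1a\n"),
    ("gif", b"GIF87a"),
    ("gif", b"GIF89a"),
    ("wmf", b"\xd7\xcd\xc6\x9a"),  # placeable WMF key 0x9AC6CDD7, little-endian
]
# Format that each file extension claims (illustrative subset).
EXTENSIONS = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif", ".wmf": "wmf"}


def sniff_format(data):
    """Return the format implied by the leading bytes, or None if unrecognised."""
    for name, magic in SIGNATURES:
        if data.startswith(magic):
            return name
    # A standard (non-placeable) WMF has no magic string. Recognise its header:
    # type 1 (memory) or 2 (disk), header size of 9 words, version 0x0100/0x0300.
    if len(data) >= 6:
        ftype, header_words, version = struct.unpack_from("<HHH", data)
        if ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300):
            return "wmf"
    return None


def check_file(filename, data):
    """Return (claimed, actual, mismatch); a mismatch means: do not auto-open."""
    claimed = EXTENSIONS.get(os.path.splitext(filename)[1].lower())
    actual = sniff_format(data)
    return claimed, actual, claimed != actual


if __name__ == "__main__":
    # Constructed samples: bare headers padded with zeros, no real image data.
    samples = {
        "holiday.jpg": b"\x01\x00\x09\x00\x00\x03" + bytes(12),  # WMF header, .jpg name
        "photo.jpg": b"\xff\xd8\xff\xe0" + bytes(12),            # genuine JPEG start
        "chart.wmf": b"\xd7\xcd\xc6\x9a" + bytes(18),            # placeable WMF
    }
    for name, data in samples.items():
        print(name, check_file(name, data))
```

A file manager or mail gateway applying this policy would refuse to hand `holiday.jpg` to the default image handler and ask the user instead, which is the behaviour the paragraph above describes.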

{2006.01.07 11:09}
