[Dshield] Fwd: Microsoft knew about the WMF flaw for years
cbrenton at chrisbrenton.org
Tue Jan 17 10:39:48 GMT 2006
Interesting post from Richard Smith to one of the SF lists.
-------- Forwarded Message --------
> From: Richard M. Smith <rms at computerbytesman.com>
> To: bugtraq at securityfocus.com
> Subject: Microsoft knew about the WMF flaw for years
> Date: Mon, 16 Jan 2006 10:08:49 -0500
> Stephen Toulouse writing in a Microsoft security blog has now confirmed that
> Microsoft has known about the WMF flaw for many years:
> Looking at the WMF issue, how did it get there?
> "The potential danger of this type of metafile record was
> recognized and some applications (Internet Explorer, notably)
> will not process any metafile record of type META_ESCAPE,
> the overall type of the SetAbortProc record."
> "The reason Windows 9x is not vulnerable to a "Critical"
> attack vector is because an additional step exists in the Win9x
> platform: When not printing to a printer, applications will
> simply never process the SetAbortProc record."
> This blog entry raises a number of important questions about Microsoft's
> policy for handling security flaws in the Windows operating system:
> 1. Given the obvious dangers with SetAbortProc records, why
> didn't Microsoft simply disable the feature in the Windows
> operating system altogether and come up with an alternate for
> aborting printing of WMF files? Why were all the inadequate
> work-arounds in application code pursued instead?
> 2. How come word about the dangers of the WMF file
> format did not make it to the Windows NT, 2000, and XP
> development teams as well as the team responsible for
> the Picture and FAX viewer?
> 3. Given the history of problems with WMF files, why
> hasn't support for them been removed from Internet
> Explorer? Also shouldn't WMF files be marked in
> the registry as not safe-for-downloading?
> Richard M. Smith
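
The quoted blog text says Internet Explorer will not process metafile records of type META_ESCAPE. As an added example (not part of the original post and not Microsoft's code), the same kind of check applied to a file: walk the records of a WMF and report META_ESCAPE records, flagging those whose escape function is SetAbortProc. The numeric values (0x0626, 0x0009, the header layout) are taken from the published WMF format rather than from this page, and the sample files are constructed.

```python
import struct

META_ESCAPE = 0x0626        # WMF record function for escape records
SETABORTPROC = 0x0009       # escape function number for SetAbortProc
PLACEABLE_KEY = 0x9AC6CDD7  # optional 22-byte placeable header precedes the WMF header


def find_escape_records(data):
    """Return [(offset, escape_function)] for every META_ESCAPE record."""
    pos = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        pos = 22
    if len(data) < pos + 18:
        raise ValueError("truncated WMF header")
    ftype, header_words = struct.unpack_from("<HH", data, pos)
    if ftype not in (1, 2) or header_words != 9:
        raise ValueError("not a WMF header")
    pos += 18
    hits = []
    while pos + 6 <= len(data):
        # Each record: 32-bit size in 16-bit words, then a 16-bit function number.
        size_words, function = struct.unpack_from("<IH", data, pos)
        if size_words < 3:
            raise ValueError(f"bad record size at offset {pos}")
        if function == 0:  # META_EOF ends the record list
            break
        if function == META_ESCAPE:
            if size_words < 5 or pos + 10 > len(data):
                raise ValueError(f"truncated META_ESCAPE at offset {pos}")
            hits.append((pos, struct.unpack_from("<H", data, pos + 6)[0]))
        pos += size_words * 2
    return hits


def has_setabortproc(data):
    """True if any META_ESCAPE record selects the SetAbortProc escape."""
    return any(fn == SETABORTPROC for _, fn in find_escape_records(data))


def _record(function, params=b""):
    # Helper used only to build the constructed samples below.
    return struct.pack("<IH", 3 + len(params) // 2, function) + params


# Constructed samples: an 18-byte header, one record, then META_EOF.
_HEADER = struct.pack("<HHHIHIH", 1, 9, 0x0300, 0, 0, 0, 0)
_ESCAPE_PARAMS = struct.pack("<HH", SETABORTPROC, 4) + bytes(4)  # zero-filled data
SAMPLE_FLAGGED = _HEADER + _record(META_ESCAPE, _ESCAPE_PARAMS) + _record(0)
SAMPLE_CLEAN = _HEADER + _record(0x0201, bytes(4)) + _record(0)  # META_SETBKCOLOR
```

A mail or web gateway could call `has_setabortproc` on attachments that begin with a WMF header regardless of file extension, and treat a `ValueError` as a reason to quarantine rather than pass the file.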