Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: WMF Exploit
From: "Crist J. Clark" <cristjc () comcast net>
Date: Wed, 4 Jan 2006 15:27:48 -0800

On Wed, Jan 04, 2006 at 09:58:37AM -0600, Todd Towles wrote:
Ad wrote:
I don't think because here win98 doesn't recognize the .wmf extension.

Without installling a third-party image viewer, it is my understanding
that pre-Windows 2000 OS are less vulnerable. But most people do have
third-party image viewers installed and it is possible that these apps
make the OS attackable.

IE 6 displayed WMF files on a test Win98 system just fine for

Remember, just because when you double-click on a WMF file
Windows Explorer doesn't know what to do with it does NOT mean
that when presented to IE in an <img> tag, it won't. Even trying
to open the file with IE doesn't mean anything. You need to
try it in a webpage.

For example, take your sample WMF, sample.wmf, and create
a test page, wmf.htm,

        <title>WMF Rendering Test</title>
        The WMF image should appear below.
        <img src="sample.wmf" alt="Not processed!">

And load that into IE. Works for me on Win98.
Crist J. Clark                     |     cjclark () alum mit edu
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]