mailing list archives
Re: WMF round-up, updates and de-mystification
From: InfoSecBOFH <infosecbofh () gmail com>
Date: Thu, 5 Jan 2006 04:02:13 -0800
Sorry Dick. Not FUD but Fact.
The patch, if you are stupid enough to trust a third party patch in
the first place, is not perfect. So tell me again why I should share
why? Just wait for and trust your MS patch.. come on.. .would I lie
to you? :P
On 1/3/06, Richard M. Smith <rms () computerbytesman com> wrote:
Why the FUD? Under what circumstances are you aware the patch doesn't work?
Hoarding information isn't very helpful in a situation like this. Are we
talking about .5%, 5%, or 50% failure mode for the patch? How does the
failure mode of the patch compare to Microsoft's solution of killing the
Microsoft Picture/FAX viewer which also has its limitations. (Example,
someone is using a different viewer program for .WMF files that also has the
From: InfoSecBOFH [mailto:infosecbofh () gmail com]
Sent: Tuesday, January 03, 2006 6:35 AM
To: Gadi Evron
Cc: bugtraq () securityfocus com; FunSec [List];
full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] WMF round-up, updates and de-mystification
So this patch is trusted because you said so?
I have tested and confirmed that this patch only works in specific
scnenarios and does not mitigate the entire issue. Variations still work.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/