Re: Microsoft patches WMF... Wine is still exploitable?
From: Marcus Meissner <meissner () suse de>
Date: Thu, 5 Jan 2006 22:30:28 +0100
On Thu, Jan 05, 2006 at 03:15:28PM -0600, H D Moore wrote:
You have all the wrong places, this is all valid functionality.
You want this place:
Escape(hdc, mr->rdParm, mr->rdParm, (LPCSTR)&mr->rdParm, NULL);
This call should use a whitelist of the valid GDI Escapes in metafiles.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
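
A sketch of the whitelist check suggested in the message above, as an added example that is not part of the original post and is not Wine's code. It assumes the META_ESCAPE parameter layout of escape code, byte count, then data; the allowlist contents, check_meta_escape, play_meta_escape and stub_escape are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Escape codes as defined in wingdi.h. */
enum { ESC_NEWFRAME = 1, ESC_SETABORTPROC = 9, ESC_MFCOMMENT = 15 };

/* Illustrative policy (an assumption, not Wine's list): only escapes
 * that carry plain data and never a callback pointer. */
static const uint16_t allowed_escapes[] = { ESC_MFCOMMENT };

enum verdict { VERDICT_OK = 0, VERDICT_TRUNCATED, VERDICT_DENIED };

/* parm points at the record's parameter words and nwords is how many
 * the record really holds: parm[0] = escape code, parm[1] = byte count
 * of the data that starts at parm[2]. */
enum verdict check_meta_escape(const uint16_t *parm, size_t nwords)
{
    size_t i;

    if (parm == NULL || nwords < 2)
        return VERDICT_TRUNCATED;
    /* The declared data length must fit inside the record. */
    if ((size_t)parm[1] > (nwords - 2) * sizeof(uint16_t))
        return VERDICT_TRUNCATED;
    for (i = 0; i < sizeof(allowed_escapes) / sizeof(allowed_escapes[0]); i++)
        if (parm[0] == allowed_escapes[i])
            return VERDICT_OK;
    return VERDICT_DENIED;  /* default deny, which covers SETABORTPROC */
}

/* Stand-in type for the real GDI Escape() call. */
typedef int (*escape_fn)(int code, int count, const char *data);

/* Hypothetical wrapper the playback loop would call instead of calling
 * Escape() directly: rejected records are skipped, not forwarded. */
int play_meta_escape(const uint16_t *parm, size_t nwords, escape_fn forward)
{
    if (check_meta_escape(parm, nwords) != VERDICT_OK)
        return 0;
    return forward(parm[0], parm[1], (const char *)&parm[2]);
}

/* Constructed stub that only counts how many escapes were forwarded. */
static int forwarded;
static int stub_escape(int code, int count, const char *data)
{
    (void)code; (void)count; (void)data;
    return ++forwarded;
}
```

The check is default deny: any escape code not on the list, SETABORTPROC included, is dropped during playback.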