|
Full Disclosure
mailing list archives
REWMF Risk Analysis for Win9X anyone ?
From: "Peter Ferrie" <pferrie () symantec com>
Date: Fri, 6 Jan 2006 08:49:22 -0800
Did anyone conduct a compreensive risk analysis of the WMF vulnerability
for Win9X/ME systems ? ISC analysis is very ambiguous, and MS position
on the issue is more on the lines of "we don't want to be bothered".
What ARE the real risks (or lack of them) for Win9X/ME systems ?
The same as for Windows NT and 2000 - files without the placeable header will not display automatically in applications
such as Internet Explorer, and files with the placeable header are not allowed to call the vulnerable function.
However, applications other than Internet Explorer, which do recognise files without the placeable header, can call
directly into the GDI!PlayMetaFile() function, which will eventually call into the vulnerable function.
8^) p.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
Intro
