[funsec] exploiting MS08-021
Richard M. Smith
rms at computerbytesman.com
Mon Apr 14 17:27:31 CDT 2008
I don't know the answer to your question, but I've asked the Microsoft
security folks for some way to turn off automatically opening WMF files in
IE. I made my query 3 or 4 WMF bugs ago, but got no reply.
Here's my new question: Can WMF images and auto-executing exploit code be
embedded in Word, Excel, and PowerPoint files?
Richard
From: funsec-bounces at linuxbox.org [mailto:funsec-bounces at linuxbox.org] On
Behalf Of Larry Seltzer
Sent: Monday, April 14, 2008 5:34 PM
To: funsec at linuxbox.org
Subject: [funsec] exploiting MS08-021
There's exploit code out (http://www.milw0rm.com/exploits/5442) for MS08-021
(http://www.microsoft.com/technet/security/Bulletin/MS08-021.mspx) which
describes GDI buffer overflows in the loading of EMF and WMF files.
There were other big problems in years past in the loading of these files.
Can anyone recall if the defaults for IE were changed with respect to
loading these files, perhaps from an IFRAME?
Thanks.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer at ziffdavisenterprise.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://linuxbox.org/pipermail/funsec/attachments/20080414/7b92c369/attachment.htm
More information about the funsec
mailing list