Microsoft knew about the WMF flaw for years

---

• From: "Richard M. Smith" <rms@xxxxxxxxxxxxxxxxxxxx>
• Date: Mon, 16 Jan 2006 10:08:49 -0500

---

Hi,

Stephen Toulouse writing in a Microsoft security blog has now confirmed that
the Microsoft has known about the WMF flaw for many years:

Looking at the WMF issue, how did it get there?
http://blogs.technet.com/msrc/archive/2006/01/13/417431.aspx

"The potential danger of this type of metafile record was
recognized and some applications (Internet Explorer, notably)
will not process any metafile record of type META_ESCAPE,
the overall type of the SetAbortProc record."

"The reason Windows 9x is not vulnerable to a "Critical"
attack vector is because an additional step exists in the Win9x
platform: When not printing to a printer, applications will
simply never process the SetAbortProc record."

This blog entry raises a number of important questions about Microsoft's
policy for handling security flaws in the Windows operating system:

1. Given the obvious dangers with SetAbortProc records, why
didn't Microsoft simply disable the feature in the Windows
operating system altogether and come up alternate for
aborting printing of WMF files? Why were all the inadequate
work-arounds in application code pursued instead?

2. How come word about the dangers of the WMF file
format did not make it to the Windows NT, 2000, and XP
development teams as well as the team responsible for
the Picture and FAX viewer?

3. Given the history of problems with WMF files, why
hasn't support for them been removed from Internet
Explorer? Also shouldn't WMF files be marked in
the registry as not safe-for-downloading?

Richard M. Smith
http://www.ComputerBytesMan.com

---

• Follow-Ups:
  • Re: Microsoft knew about the WMF flaw for years
    • From: Gadi Evron

• Prev by Date: Veritas NetBackup "Volume Manager Daemon" Module Stack Overflow - Exploit
• Next by Date: Re: Linksys VPN Router (BEFVP41) DoS Vulnerability
• Previous by thread: Veritas NetBackup "Volume Manager Daemon" Module Stack Overflow - Exploit
• Next by thread: Re: Microsoft knew about the WMF flaw for years
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Import Vector Grahpics to Word - Best Format ... Adobe and Microsoft are playing a silly game of "our way or the highway" ... WMF should be a lot better, but it depends on how it is made. ... WMF will never be as good as EPS because a WMF is composed of a large number ... PNG uses 24-bit colour and retains full resolution at the expense of colour. ... (microsoft.public.mac.office.word) Re: Microsoft knew about the WMF flaw for years ... Looking at the WMF issue, ... didn't Microsoft simply disable the feature in the Windows ... Given the history of problems with WMF files, ... Explain a security issue to people who don't really understand what ... (Bugtraq) Re: Linux est plus vulnérable que Windows ... Ce qui est le plus déconcertant, c'est la faille du WMF. ... puis qu'on clique sur le lien de Microsoft, ... beaucoup de liens avant de savoir ce qu'affecte cette faille. ... (soc.culture.quebec) Re: [Full-disclosure] what we REALLY learned from WMF ... > Microsoft wants to, it can. ... > Microsoft released the WMF patch ahead of schedule ... THEY released the PATCH ahead of schedule. ... > Why should they be releasing BETA patches? ... (Full-Disclosure) Re: Clip Art and WMF files ... > the clip art gallery will show a yellow PC, ... > colored without having to do a conversion. ... >>I get the same results with WMF inserted whether I ... When I insert one of my WMF files into PowerPoint, ... (microsoft.public.powerpoint)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2006-01