SecurityFocus 2006-01-12
For four days in January, network administrators and security-savvy home users had a choice: Download and install an unofficial open-source fix for the critical flaw in the Windows Meta File (WMF) format or wait an estimated week for an official patch from Microsoft.
What Microsoft needs to be doing...
2006-01-12
Eric (2 replies)
The Squander of MS Admins && Users
2006-01-13
Anonymous (1 replies)

So it looks like a backdoor already crafted in the source code, not something installed like a Trojan. This is the kind of thing that kills confidence; Debian has been hit in a similar way but recovered the genuine source code in less than 24 hours. It's always possible to have a malicious contributor in an open source project. Hence, reviewing the code is a good practice, as was said in a previous comment. And it's not such a flawed argument: one cannot argue that Wine's staff has not noticed something he cannot check.
Conclusion: a zero-day vuln can come from the inside and be exploited later. Just for this reason, it's important to review the code, since nobody has the same understanding of what is a feature and a security hole.