Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Zero-day WMF flaw underscores patch problems
Robert Lemos, SecurityFocus 2006-01-12

For four days in January, network administrators and security-savvy home users had a choice: Download and install an unofficial open-source fix for the critical flaw in the Windows Meta File (WMF) format or wait an estimated week for an official patch from Microsoft.

Submit Comment Mode:
Name:
Subject:
Message:
 
  Enter the characters that appear above
 
where come from a zero-day flaw 2006-01-15
lucmars
You may have heard, according to S. Gibson from media.grc.com, the wmf flaw seems to be an "undocumented Windows feature" : the Escape/SETABORTPROC procedure can respond to a specific value, normally impossible, from which Windows goes directly to the code included in the metafile and execute it.
So...

[ more ]  




 

Privacy Statement
Copyright 2009, SecurityFocus