1/2/2006

WMF Flaw Is Not A Bug, It’s A Feature

Filed under: — By Aviran Mordo @ 6:15 pm

What exactly is going wrong with the WMF vulnerability?

Turns out this is not really a bug, it’s just bad design. Design from another era.

When Windows Metafiles were designed in late 1980s, a feature was included that allowed the image files to contain actual code. This code would be executed via a callback in special situations. This was not a bug; this was something which was needed at the time.

The feature now in the limelight is known as the Escape() function and especially the SetAbortProc subfunction.

This function was designed to be called by Windows if a print job needed to be canceled during spooling.

This really means two things:
1) There are probably other vulnerable functions in WMF files in addition to SetAbortProc
2) This bug seems to affect all versions of Windows, starting from Windows 3.0 - shipped in 1990!

“The WMF vulnerability” probably affects more computers than any other security vulnerability, ever.

Source: F-Secure

 

Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress