Download Ilfak's patch from Gibson's site

me

Setting WMF file association to Irfanview has nothing
whatsoever to do with whether or not an OS is vulnerable.
BTW, I advise setting the file association to a hex editor
... ever since I witnessed Irfan going nuts and practically
crashing my system on a real live exploit I was trying.
It's really a good idea to set other pic image file
associations to a hex editor as well.


It's been made very clear that Ilfak's checker (and fix) is
only valid for Win 2K/XP

Art

http://home.epix.net/~artnpeg

Yup -- hence the FWIW.

I missed the part about your Irfan "going nuts" on a real
exploit. That W95 PC's WMF file association is set to a
non-existent .EXE (uninstalled PSP).

J
 
Norman L. DeForest

And yet these experts do not say how Win 9x systems are vulnerable.


Again I can't see how a 9x system is vulnerable if even MATURE
installations of 9x are not set up to handle wmf file associations -
or - if they do not have any M$ software installed to handle or render
WMF files.

It's not even clear to me that third-party software (like ACDSee) is
vulnerable unless those programmers made the same mistake that M$ did
when writing the code that handles WMF file processing.


And I will say the same thing. 9X systems remain invulnerable unless
or until someone can point out how those systems use native M$ code or
components to handle wmf files.

The truth is, for the vast majority of 9X systems out there, that wmf
files are unknown file types and they have no idea how to handle them
- which turns out to be a good thing.

Exactly what applications *can* be used to open these files? I had my
Windows 98 machine given to me and there were a flock of *.wmf files
already installed as clip art for Microsoft Office. I can't find any
information on how such files can be used. There must be some reason why
Microsoft in their infinite wisdom[1] tied up 2.8MB of file space with
these files.

Trying to open one gets me the <paraphrased>"Duh? I dunno what it is!"
</paraphrased> message from Windows that asks *me* what to open it with.
How the [bleep] should *I* know? You (Microsoft) thought fit to put these
files here. You should know what to do with them.

I suppose I should consider myself lucky but can't help wondering what
might process such files should I install anything else from Microsoft.

[1] Error: "<sarcasm>...</sarcasm>" tags missing.
 
Norman L. DeForest

Not true. A vulnerability can exist in the absence of exploit code altogether.

I don't have the dll they suggest unregistering nor the gdi32.dll that gets the
recommended patch. I do have a gdi.exe which may be the Win98 application
that supplies the "feature" - it is described as "Windows Graphics Device
Interface core component" in the file properties. If this application supports the
escape() function they are concerned about, then this may be the vulnerable
program.

There's a gdi32.dll file in the C:\WINDOWS\SYSTEM directory on my
Windows 98 machine. (It's second-hand so I don't know if the original
owner got it installed with the system or installed with something else
he added later.)
 
Art

I'm curious, Norman. In Windows Explorer, do you see a small thumbnail
of the images when you click once on them?

BTW, I suppose you know that thrid party images viewers such as
Irfanview and XNView do display the WMF images.

Art

http://home.epix.net/~artnpeg
 
Norman L. DeForest

I'm curious, Norman. In Windows Explorer, do you see a small thumbnail
of the images when you click once on them?

I had to test that. (I never use Windows Explorer.)

Viewing the directory with *.WMF clip art:
http://www.chebucto.ns.ca/~af380/temp/explor1r.gif [25KB]

Viewing a directory with JPG images in it (a copy of my web site):
http://www.chebucto.ns.ca/~af380/temp/explor2r.gif [42KB]

Viewing a slightly different directory (an older copy of my web
site) with JPG images in it after clicking on an image (the icon
just gets coloured green (my colour chosen for "selected items")):
http://www.chebucto.ns.ca/~af380/temp/explor3r.gif [42KB]

(I can keep the images there for a week.)

Clicking on one of the icons in the clip art directory also just colours
the icon green just as in the third image above.

BTW, I suppose you know that thrid party images viewers such as
Irfanview and XNView do display the WMF images.

Do they use their own code for parsing the image file or the vulnerable
gdi32.dll file from Microsoft?

Norman De Forest, wondering whether he should get Irfanview or
XNView to try out (and refraining from asking whether thrids
throw good parties).
 
Art

My wife's Win ME doesn't show thumbnails either. Nor do the Paint and
Kodak Imaging apps on her machine render WMF images.

However, using Win ME and IE6, the benign WMF file at the top of my
web page does render as a graphic image, and it should for you as
well, I presume.

Do they use their own code for parsing the image file or the vulnerable
gdi32.dll file from Microsoft?

Based on what I've read, I surmise they do the latter. There have been
some security warnings concerning them in this regard.

Norman De Forest, wondering whether he should get Irfanview or
XNView to try out (and refraining from asking whether thrids
throw good parties).

Well, if you haven't found a need for them by now, why bother?
And yes, of course, thrids throw some really wild parties! :)

Art

http://home.epix.net/~artnpeg
 
Ant

Norman L. DeForest said:
I'm curious, Norman. In Windows Explorer, do you see a small thumbnail
of the images when you click once on them?

I had to test that. (I never use Windows Explorer.)

Viewing the directory with *.WMF clip art:
http://www.chebucto.ns.ca/~af380/temp/explor1r.gif [25KB]

What you see are icons associated with the file extensions, but not
thumbnail previews of the file images. The ones on the above link are
not using the default windows icon for "I dunno what this is". They
look like Quicktime icons, but my QT image viewer won't read WMFs.

[jpeg links]

The jpegs have Firefox icons associated with them.

Do they use their own code for parsing the image file or the vulnerable
gdi32.dll file from Microsoft?

There wouldn't be much point in having their own parser, since WMFs
are collections of records that the GDI understands, and they can be
passed directly to it. If an application is aware that a record is not
necessary, such as the setabortproc escape call, then it could filter
it out. My version of Irfanview (3.85) is vulnerable to the exploit on
Win 2k.

An exploit coded for NT may of course not work on Win9x, and I've not
heard of any exploits or test POCs that have been made to work on 9x.
 
Ant

Art said:
My wife's Win ME doesn't show thumbnails either. Nor do the Paint and
Kodak Imaging apps on her machine render WMF images.

However, using Win ME and IE6, the benign WMF file at the top of my
web page does render as a graphic image, and it should for you as
well, I presume.

There are different types of metafiles. Yours is a "placeable
metafile" with an extra header. The exploits and POCs I have are all
raw metafiles, and so far I've not been able to get IE to render them,
or Explorer to display them as thumbnails and run the exploit. Both IE
and Explorer will show your WMF on Win2k.

I might try an exploit with Irfanview on Win9x if I can find a box
here with it installed.
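
Added example, not part of any poster's message: a Python check that walks a metafile's records the way Ant's two posts describe, reporting whether the optional "placeable" header is present and where any META_ESCAPE record calling SETABORTPROC sits. The numeric constants follow the published WMF record layout; `scan_wmf` and `make_sample` are names made up for this example, the sample bytes are constructed and inert, and the placeable checksum is not validated.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7  # magic of the 22-byte "placeable" pre-header
META_ESCAPE = 0x0626        # record function number of META_ESCAPE
SETABORTPROC = 0x0009       # escape function named in the thread
META_EOF = 0x0000           # terminating record

def scan_wmf(data):
    """Return (is_placeable, offsets of META_ESCAPE/SETABORTPROC records)."""
    placeable = len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY
    off = 22 if placeable else 0
    if len(data) < off + 18:
        raise ValueError("too short for a WMF header")
    ftype, hdr_words = struct.unpack_from("<HH", data, off)
    if ftype not in (1, 2) or hdr_words != 9:
        raise ValueError("not a WMF header")
    off += 18
    hits = []
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        size = size_words * 2  # record sizes are counted in 16-bit words
        if size < 6 or off + size > len(data):
            raise ValueError("bad record size at offset %d" % off)
        if func == META_ESCAPE and size >= 8:
            if struct.unpack_from("<H", data, off + 6)[0] == SETABORTPROC:
                hits.append(off)
        if func == META_EOF:
            break
        off += size
    return placeable, hits

def _record(func, params=b""):
    return struct.pack("<IH", (6 + len(params)) // 2, func) + params

def make_sample(placeable, with_abortproc):
    """Constructed input; inert zero bytes stand in for the escape data."""
    body = b""
    if with_abortproc:
        body += _record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 4) + bytes(4))
    body += _record(0x0103, struct.pack("<H", 8))  # META_SETMAPMODE
    body += _record(META_EOF)
    hdr = struct.pack("<HHHIHIH", 1, 9, 0x0300, (18 + len(body)) // 2, 0, 7, 0)
    pre = struct.pack("<IHhhhhHIH", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0, 0)
    return (pre if placeable else b"") + hdr + body

if __name__ == "__main__":
    for p in (False, True):
        print(p, scan_wmf(make_sample(p, True)), scan_wmf(make_sample(p, False)))
```

Because the check reads the bytes rather than the file name, it gives the same answer for a metafile renamed to .JPG or .GIF.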
 
Art

There wouldn't be much point in having their own parser, since WMFs
are collections of records that the GDI understands, and they can be
passed directly to it. If an application is aware that a record is not
necessary, such as the setabortproc escape call, then it could filter
it out. My version of Irfanview (3.85) is vulnerable to the exploit on
Win 2k.

I've associated WMF with a hex editor. When a WMF is renamed to JPG
(or GIF or whatever) IrfanView throws up a message saying " .... is
a WMF file with incorrect extension! Rename?"

I like that :)

Art

http://home.epix.net/~artnpeg
 
Offbreed

Norman said:
Exactly what applications *can* be used to open these files? I had my
Windows 98 machine given to me and there were a flock of *.wmf files
already installed as clip art for Microsoft Office.

I'd say they can be opened with Excel or Word, then.

I think it's partially show off crap, and partially to fill the floppies
or the CD so it looks like you are getting more for your money.

Ever parse out how much of a Win98 CD is filler? Maybe half of the part
used.
 
Hoosier Daddy

Norman L. DeForest said:
There's a gdi32.dll file in the C:\WINDOWS\SYSTEM directory on my
Windows 98 machine. (It's second-hand so I don't know if the original
owner got it installed with the system or installed with something else
he added later.)

Right you are, Norman. I do indeed have that file on this machine. Funny
though that the file has the archive attribute set but the hidden, read only,
and system attributes aren't set yet the "find files" doesn't show it unless
show all files is enabled.

Microsoft is really starting to piss me off.
 
