Steve Gibson and the WMF vulnerability

[Art]

Steve now maintains that earlier versions of Windows do not have the
famous WMF vulnerability, which he now refers to as MICE (Metafile
Image Code Execution). Details can be found at:

http://www.grc.com

I just listened to the episode 23 of Security Focus with Steve and
Leo LaPorte. Steve claims that WINE and NT4 (and Vista before it
was patched) have the vulnerability. But Win 95, 98 and ME do not.

Steve still insists that the "backdoor" to code execution was
intentional on the part of MS (or someone working for MS). But he is
avoiding the term "backdoor" now for fairly obvious reasons and is
referring to it as MICE. He claims that Mark Rusinovich (Sys
Internals) concurs with his conclusions. Steve has a "Mousetrap"
program available in his freeware section which tests for MICE

Art

http://home.epix.net/~artnpeg

 

[David H. Lipman]

From: "Art" <[email protected]>

| Steve now maintains that earlier versions of Windows do not have the
| famous WMF vulnerability, which he now refers to as MICE (Metafile
| Image Code Execution). Details can be found at:
|
| http://www.grc.com
|
| I just listened to the episode 23 of Security Focus with Steve and
| Leo LaPorte. Steve claims that WINE and NT4 (and Vista before it
| was patched) have the vulnerability. But Win 95, 98 and ME do not.
|
| Steve still insists that the "backdoor" to code execution was
| intentional on the part of MS (or someone working for MS). But he is
| avoiding the term "backdoor" now for fairly obvious reasons and is
| referring to it as MICE. He claims that Mark Rusinovich (Sys
| Internals) concurs with his conclusions. Steve has a "Mousetrap"
| program available in his freeware section which tests for MICE
|
| Art
|
| http://home.epix.net/~artnpeg

I could make a joke about this but...

 

[Art]

From: "Art" <[email protected]>

| Steve now maintains that earlier versions of Windows do not have the
| famous WMF vulnerability, which he now refers to as MICE (Metafile
| Image Code Execution). Details can be found at:
|
| http://www.grc.com
|
| I just listened to the episode 23 of Security Focus with Steve and
| Leo LaPorte. Steve claims that WINE and NT4 (and Vista before it
| was patched) have the vulnerability. But Win 95, 98 and ME do not.
|
| Steve still insists that the "backdoor" to code execution was
| intentional on the part of MS (or someone working for MS). But he is
| avoiding the term "backdoor" now for fairly obvious reasons and is
| referring to it as MICE. He claims that Mark Rusinovich (Sys
| Internals) concurs with his conclusions. Steve has a "Mousetrap"
| program available in his freeware section which tests for MICE

I could make a joke about this but...

You have to have a sense of humor when you read what MS has said
about this subject. It's a riot!

Art

http://home.epix.net/~artnpeg

 

[kurt wismer]

Steve now maintains that earlier versions of Windows do not have the
famous WMF vulnerability, which he now refers to as MICE (Metafile
Image Code Execution). Details can be found at:

http://www.grc.com

I just listened to the episode 23 of Security Focus with Steve and
Leo LaPorte. Steve claims that WINE and NT4 (and Vista before it
was patched) have the vulnerability. But Win 95, 98 and ME do not.

Steve still insists that the "backdoor" to code execution was
intentional on the part of MS (or someone working for MS). But he is
avoiding the term "backdoor" now for fairly obvious reasons and is
referring to it as MICE. He claims that Mark Rusinovich (Sys
Internals) concurs with his conclusions. Steve has a "Mousetrap"
program available in his freeware section which tests for MICE

specifically, mark concurs that it was intentional... he does not agree
that it was a backdoor, however... his findings are posted here
http://www.sysinternals.com/blog/2006/01/inside-wmf-backdoor.html