re the WMF vulnerability

G

Guest

if we view images on a website or open image attachments we could get spyware
etc through this WMF vulnerability.

I'm not sure what they mean by view images on a website?? Every website has
images basically. Can someone explain this?
 
R

Rosanne

2pak said:
if we view images on a website or open image attachments we could get spyware
etc through this WMF vulnerability.

I'm not sure what they mean by view images on a website?? Every website has
images basically. <snip!>

Exactly. That's one reason this bug is kind of scary. If you look at
the source code behind a simple web page, for every picture you'll see a
line that says "img src", and points to a file. Your browser reads that
code and finds and opens the file (picture) for you. When you look at a
web page, you're usually looking at the contents of more than one file.
If the "picture" file has wmf code in it, the browser will still try to
open the pic for you - and end up executing the wmf code. Thumbnail
view does the same thing. So does viewing inline attachments in an
email message.
 
G

Guest

A remote code execution security issue has been identified
in the Graphics Rendering Engine that could allow an attacker
to remotely compromise your Windows-based system and gain
control over it:

Microsoft Security Bulletin MS06-001
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
(912919)
http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx

Security Update for Windows XP (KB912919)
http://www.microsoft.com/downloads/...96-57AE-499E-B89B-215B7BB4D8E9&displaylang=en
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top