At 12:54 PM 1/5/2006, you wrote:
Thanks Thomas, something really useful. One thing I am still curious
about: I read that other image formats can be used in an
exploit; GIF, .BMP, .JPG, .TIF can also be used, according to
F-Secure. I find this a little confusing. If that dll only deals
with the WMF file type, then the exploit must not be directly connected
with that dll. Or does that dll handle all of those as well?
But then I found this: http://www.pcworld.com/howto/article/0,aid,119993,00.asp
which makes sense. The way a lot of things I have been seeing go on
about this, they act like WMF is the only format of issue, and that
obviously is not at all true. I would have more likely ignored this
if it really was only WMF files and the MS patch a week or so away.

I believe Windows uses the file header/descriptor data as well as or
instead of the extension to know how to handle images. Otherwise,
simply renaming/blocking all WMF files would result in an effective
mitigation method.
-Robert
Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin