If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Win98 vulnerable to .wmf malware?
"Vince" wrote:
According to Microsoft Security Advisory (912840): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution http://www.microsoft.com/technet/security/advisory/912840.mspx Win98/SE is vulnerable to the 0 day exploit using crafted .wmf graphics files. snip As we all know now, MS has copped out of addmitting the 9x components vulnerabilty is still potentially critical since the same vulnerability exists in principle, but they have no working code to light a rocket under their collective office chairs. Maybe it is time to invite those that understand the vulnerability in its true form to test the 9x components and see if any remote code can be made to be executed by embedding a crafted wmf file into a webpage or inline into an email... and, if it proves to be possible, initially share the proof of concept via responsible disclosure with MS team. Note there is a 3rd party sledge hammer GDI32.DLL function redirect solution like the one made for XP in case any exploit of the vulnerability is found in the wild. I'd imagine a simple binary comparison of both old and new GDI32.DLLs for XP and dissasembly of the before and after code and then a disassembly of the win9x GDI32.DLLs same area would reveal a possibility of applying a patch to the code to neuter the function that wmf files should never have had access to. Bear in mind the recent MS06-02 vulnerability described on web page: http://www.microsoft.com/technet/sec.../MS06-002.mspx is clearly listed as Critical for windows98, SE and ME in the Executive Summary yet no patch for said revisions of the operating systems is currently as of time of posting forthcomming, MS is clearly doing all it can to avoid employing programmer man hours on the old win9x source tree... Maybe they would like to relinquish all responsibility for maintaining it and just release it to the open source community and let it be openly peer reviewed and maintained and MS can then focus all it's efforts on fixing all the NT cores design and implimentation flaws |
#2
|
|||
|
|||
Win98 vulnerable to .wmf malware?
"mae" wrote:
3 hours before your post: The following updates have been successfully installed: Security Update for Windows 98 (KB908519) ms06-002 2006-01-10 15:36:40 21:36:40 Success IUENGINE Local path d:\WUTemp\com_microsoft.Windows98-KB908519-x86-174228\Windows98-KB908519-ENU ..EXE -- mae That is most interesting as even now I am not being offered the update, the only Critical update it offers is IE6 SP1 and judging by the multitude of patches that version alone would illicite if I installed it... It is not a true security update but a nest of vulnerabilities badged as a security update. In my understanding of MS06-002 it is listed as an OS vulnerability no mention of being IE version specific I'd be interested in a URL so I could obtain the win98 patch manually and see if it applies to my instalation. TIA |
#3
|
|||
|
|||
Win98 vulnerable to .wmf malware?
"mae" wrote:
3 hours before your post: The following updates have been successfully installed: Security Update for Windows 98 (KB908519) ms06-002 2006-01-10 15:36:40 21:36:40 Success IUENGINE Local path d:\WUTemp\com_microsoft.Windows98-KB908519-x86-174228\Windows98-KB908519-ENU ..EXE -- mae Thanks mae, just looked in win98 update catalogue and there it is, why oh why do MS hide these things when it could have been linked to direct from MS06-002 page like all the rest. |
#5
|
|||
|
|||
Win98 vulnerable to .wmf malware?
It's not the WMF issue they are speaking of above but are referring to
yesterdays release of MS06-002, 908519, Vulnerability in Embedded Web Fonts http://www.microsoft.com/technet/sec...ate=2006-01-10 Rick PCR wrote: Oh! That's it, then? We DID have that rotten exploitable attack vector? That was the .wmf fix, JUST after I told everyone it doesn't affect us critically? Anyhow, thanks, I took it. And Art is still jumping for joy in his .wmf... http://home.epix.net/~artnpeg/ The T2EMBED.DLL Properties seems to have fewer tabs now, though! -- Thanks or Good Luck, There may be humor in this post, and, Naturally, you will not sue, should things get worse after this, PCR |
#6
|
|||
|
|||
Win98 vulnerable to .wmf malware?
I see. No wonder I couldn't find ".wmf" mentioned at the URL. I was just thinking the .wmf file type might have been a WEB font, which the URL did speak of. OK, thanks.
All the same, I'm officially out of the .wmf issue! -- Thanks or Good Luck, There may be humor in this post, and, Naturally, you will not sue, should things get worse after this, PCR "Rick Chauvin" wrote in message ... | It's not the WMF issue they are speaking of above but are referring to | yesterdays release of MS06-002, 908519, Vulnerability in Embedded Web Fonts | http://www.microsoft.com/technet/sec...ate=2006-01-10 | | Rick | | | PCR wrote: | Oh! That's it, then? We DID have that rotten exploitable attack vector? | That was the .wmf fix, JUST after I told everyone it doesn't affect us | critically? Anyhow, thanks, I took it. And Art is still jumping for joy | in his .wmf... | http://home.epix.net/~artnpeg/ | | The T2EMBED.DLL Properties seems to have fewer tabs now, though! | | | -- | Thanks or Good Luck, | There may be humor in this post, and, | Naturally, you will not sue, | should things get worse after this, | PCR | | | |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Win98 vulnerable to .wmf malware? | Satellite Man | General | 25 | January 9th 06 11:11 PM |
Win98 vulnerable to .wmf malware? | PA Bear | General | 36 | January 7th 06 07:03 PM |
Win98 vulnerable to .wmf malware? | Art | General | 3 | January 5th 06 01:28 AM |
Win98 vulnerable to .wmf malware? | Rick Chauvin | General | 0 | January 4th 06 11:09 PM |
Win98 vulnerable to .wmf malware? | glee | General | 18 | January 4th 06 06:05 PM |