If geeks love it, we’re on it

Interview With WMF Hero

Interview With WMF Hero

SecuriTeam has interviewed Ilfak Guilfanov, the author of the temporary patch for the Windows Metafile vulnerability.

[b]Now let’s discuss some of the details of the Windows Metafile vulnerability. There has been a lot of conflicting information about the details of the flaw. Could you just describe the vulnerability for us so that people understand what the issue is?[/b]

Yes, there is some confusion about the vulnerability. To speak simply, it is possible to get infected just by browsing the internet.

A specially-crafted WMF file can take full control of your computer. In fact, a WMF file is not an ordinary graphic file. It looks more like a program rather than a data file, because it consists of a sequence of commands for Windows.

Most are commands like ‘draw a blue line’, ‘fill a rectangle with red’, and so on.

There is one very powerful command code in WMF files. This command code means ‘if something wrong happens, do the following: …’. So the creator of the WMF file can make your computer do anything he/she wants by using this command code and deliberately creating an error condition afterward.

Source: SecuriTeam Blog

Comments

  1. csimon
    csimon weapons of mass flatulance.
  2. GHoosdum
    GHoosdum
    csimon wrote:
    weapons of mass flatulance.

    :wtf: ... ;D ... :beer:
  3. csimon
    csimon sorry ghoos I was in that kind of a mood at the moment! :thumbsup:

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!