Interview With WMF Hero

GHoosdumGHoosdum Icrontian
edited January 2006 in Science & Tech
SecuriTeam has interviewed Ilfak Guilfanov, the author of the temporary patch for the Windows Metafile vulnerability.
Now let’s discuss some of the details of the Windows Metafile vulnerability. There has been a lot of conflicting information about the details of the flaw. Could you just describe the vulnerability for us so that people understand what the issue is?

Yes, there is some confusion about the vulnerability. To speak simply, it is possible to get infected just by browsing the internet.

A specially-crafted WMF file can take full control of your computer. In fact, a WMF file is not an ordinary graphic file. It looks more like a program rather than a data file, because it consists of a sequence of commands for Windows.

Most are commands like ‘draw a blue line’, ‘fill a rectangle with red’, and so on.

There is one very powerful command code in WMF files. This command code means ‘if something wrong happens, do the following: …’. So the creator of the WMF file can make your computer do anything he/she wants by using this command code and deliberately creating an error condition afterward.
Source: SecuriTeam Blog

Comments

  • csimoncsimon Acadiana Icrontian
    edited January 2006
    weapons of mass flatulance.
  • GHoosdumGHoosdum Icrontian
    edited January 2006
    csimon wrote:
    weapons of mass flatulance.

    :wtf: ... ;D ... :beer:
  • csimoncsimon Acadiana Icrontian
    edited January 2006
    sorry ghoos I was in that kind of a mood at the moment! :thumbsup:
Sign In or Register to comment.