05 01 the importance of the wmf exploit
this is not a zero day exploit, but an exploit that has been around long before it was discovered by websense and the internet storm center set on the alerts.
"Since then, we've found that there are infected .wmf files with dates going back several weeks, so this little beauty has been around for a while.
Finally, the flaw comes as Microsoft puts more emphasis on vector graphics; this, the second of two similar vulnerabilities, is no way to evangelize developers about Windows Vista or Windows Presentation Foundation.
but than it is better to just throw out everything that doesn't respond to today's standards, period and to foresee the migrating tools for the files.
Because as metafiles in the 90's didn't need a protection against malicious code, they need no code access or api today - because of our higher security standards
time to clean up metafiles
remember mp3 tags, word tags, doc id's
metafiles and mediafiles, here comes the future - and it will kill you if you don't change
a good write-up about the lessons for developers