03-01-06

05 01 the importance of the wmf exploit

this is not a zero day exploit, but an exploit that has been around long before it was discovered by websense and the internet storm center set on the alerts.
"Since then, we've found that there are infected .wmf files with dates going back several weeks, so this little beauty has been around for a while.
http://isc.sans.org/diary.php?rss&storyid=1015

Finally, the flaw comes as Microsoft puts more emphasis on vector graphics; this, the second of two similar vulnerabilities, is no way to evangelize developers about Windows Vista or Windows Presentation Foundation.
http://www.microsoftmonitor.com/archives/012776.html

but than it is better to just throw out everything that doesn't respond to today's standards, period and to foresee the migrating tools for the files.
Because as metafiles in the 90's didn't need a protection against malicious code, they need no code access or api today - because of our higher security standards
 
time to clean up metafiles
http://www.f-secure.com/weblog/#00000761
remember mp3 tags, word tags, doc id's
 
metafiles and mediafiles, here comes the future - and it will kill you if you don't change
 
http://blogs.securiteam.com/index.php/archives/167
a good write-up about the lessons for developers



02:06 Gepost door technology changes fast not a lot | Permalink | Commentaren (0) |  Facebook |

De commentaren zijn gesloten.