The Antivirus Guy Blog

Keeping people up to date with antivirus and security information

F-Secure : News from the Lab – It’s not a bug, it’s a feature

F-Secure : News from the Lab.

What exactly is going wrong with the WMF vulnerability?

Turns out this is not really a bug, it’s just bad design. Design from another era.

When Windows Metafiles were designed in late 1980s, a feature was included that allowed the image files to contain actual code. This code would be executed via a callback in special situations. This was not a bug; this was something which was needed at the time.

The feature now in the limelight is known as the Escape() function and especially the SetAbortProc subfunction.

Microsoft documentation

This function was designed to be called by Windows if a print job needed to be canceled during spooling.

This really means two things:
1) There are probably other vulnerable functions in WMF files in addition to SetAbortProc
2) This bug seems to affect all versions of Windows, starting from Windows 3.0 – shipped in 1990!

“The WMF vulnerability” probably affects more computers than any other security vulnerability, ever.

Paintbrush from Windows 3.0

Advertisements

January 2, 2006 - Posted by | Antivirus News, Security News

No comments yet.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: