WMF exploit testing on Windows 98



I had hoped to get in another test of Windows 98 with yet another WMF viewer (tried Kodak imaging, and irfanview). So far I haven’t seen a way that the WMF exploits can work on Windows 98 SE. I’m running out of time before I have to run to some computer service appointments and maybe will be able to pick up again this afternoon/evening. Larry Seltzer had a post this morning that earlier versions of Windows might not be as vulnerable because they had no default WMF viewer, but with a default WMF viewer they may be susceptible. I’m still looking for a WMF viewer that makes the exploit possible on Windows 98 SE.


Again, I’ll leave this thread open to comments in case someone else finds a combination that is vulnerable. Previous posts on the issue with WMF and Windows 98 on my site are:

http://www.averyjparker.com/2006/01/02/windows-98-and-the-wmf-exploit/
http://www.averyjparker.com/2006/01/01/version-2-of-the-wmv-exploit-vs-windows-98-se/
http://www.averyjparker.com/2006/01/01/more-wmf-exploit-testing-on-windows-98/
http://www.averyjparker.com/2006/01/01/wmf-exploit-and-windows-98/

Related Posts

Blog Traffic Exchange Related Posts
  • More details on php exploit from last week Ok. I have a bit of time that I can sit down and get a little more detailed on what specifically happened late last week that shut the site down for a couple days. At one point, I had updated the ezcontents script for the main site (averyjparker.com), but I......
  • More on the Windows WMF zero-day exploit There seems to be quite a bit developing on the Windows Meta File (WMF) zero-day (0-day) exploit which was first reported yesterday. Sans has raised their alert level to yellow in an effort to get attention to this problem. It looks like the original site serving the exploit is down,......
  • Windows 98 WMF patch This hopefully will be my last post on the whole WMF exploit stuff.... It's prompted in part by a comment on one of the articles on Windows 98 and the vulnerability. I realized that I hadn't really brought things to a full conclusion for the Windows 98 users. Of course,......
Blog Traffic Exchange Related Websites
  • Yahoo Best Answer: Personal Muscle Building Program? Personal Muscle Building Program? I am 16 and extremely athletic. I play AAA hockey as a goaltender so my legs are pretty strong. But I need a full, 100%, workout and diet program that will have me not only gaining strength, but size as well. This includes what sort of......
  • WedNEWSday - December 10th, 2008 Grave Situation in Greece Civil unrest rages on as citizens there continue to lose faith in a corrupt government. The country's economy is in shambles with roughly 20% of the population living below the poverty line and the youngest members of the workforce (those ages 15-24) not able to find......
  • Cycling Software Model Thank goodness for the invention so long ago of the wheel without that the wonderful sport of cycling couldn't exist. Cycling is a wonderful sport both for the young and the ancient. Since it's a low-impact activity, it doesn't place as much stress on the joints as do plenty of......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

3 Responses to “WMF exploit testing on Windows 98”

  1. caius Says:


    The following HTML snippet turns InternetExplorer 5.0 into a WMF viewer; doesn’t work with Mozilla. Only tested with valid WMF files;

  2. caius Says:


    [less than] img src=”file.wmf” alt=”not vulnerable” [greaterthan]

  3. Avery Says:


    I tested that possibility – it didn’t render, didn’t trigger the exploit. IE treated it like a broken image.

Leave a Reply

You must be logged in to post a comment.


Switch to our mobile site