WMF exploit testing on Windows 98



I had hoped to get in another test of Windows 98 with yet another WMF viewer (tried Kodak imaging, and irfanview). So far I haven’t seen a way that the WMF exploits can work on Windows 98 SE. I’m running out of time before I have to run to some computer service appointments and maybe will be able to pick up again this afternoon/evening. Larry Seltzer had a post this morning that earlier versions of Windows might not be as vulnerable because they had no default WMF viewer, but with a default WMF viewer they may be susceptible. I’m still looking for a WMF viewer that makes the exploit possible on Windows 98 SE.


Again, I’ll leave this thread open to comments in case someone else finds a combination that is vulnerable. Previous posts on the issue with WMF and Windows 98 on my site are:

http://www.averyjparker.com/2006/01/02/windows-98-and-the-wmf-exploit/
http://www.averyjparker.com/2006/01/01/version-2-of-the-wmv-exploit-vs-windows-98-se/
http://www.averyjparker.com/2006/01/01/more-wmf-exploit-testing-on-windows-98/
http://www.averyjparker.com/2006/01/01/wmf-exploit-and-windows-98/

Related Posts

Blog Traffic Exchange Related Posts
  • More on the Windows WMF zero-day exploit There seems to be quite a bit developing on the Windows Meta File (WMF) zero-day (0-day) exploit which was first reported yesterday. Sans has raised their alert level to yellow in an effort to get attention to this problem. It looks like the original site serving the exploit is down,......
  • Windows XP and IPP printers I really like printers with their own built in print server. They can be plugged into the network and some operating systems can just find them. Unfortunately most of the time Windows doesn't just find an IPP printer. One tool that can be handy for such a time as this......
  • Google indexing weirdness In looking at my Google Analytics info.... I checked on the Northcarolinagenealogy.net site's stats and found that it's really dropped since about Friday or Saturday from decent traffic to next to nothing. (20 visitors a day now.) The first thing I noticed was no google.com referrers.... So, I started looking......
Blog Traffic Exchange Related Websites
  • Authenticated API I think the authenticated API is big news.  It signals additional development in an area that will benefit the entire community... I hope that there is much more to come. Here I will quickly run down various things I have done with the API since the inception... First of all......
  • Have You Hit A Brick Wall In Your Online Business? (function() {var s = document.createElement('SCRIPT'), s1 = document.getElementsByTagName('SCRIPT')[0];s.type = 'text/javascript';s.async = true;s.src = 'http://widgets.digg.com/buttons.js';s1.parentNode.insertBefore(s, s1);})(); 10Digg Digg (function() {var s = document.createElement(‘SCRIPT’), s1 = document.getElementsByTagName(‘SCRIPT’)[0];s.type = ‘text/javascript’;s.async = true;s.src = ‘http://widgets.digg.com/buttons.js’;s1.parentNode.insertBefore(s, s1);})(); 10 Digg Digg Today I am going to talk to you about something that has been bothering me......
  • Books Closeouts BookCloseouts is the bestseller of bargain books on the internet. All of our product is offered at 50-90% off the list price. Triple your savings! BUY NEW BOOKS at 50-90% off! Shop at BookCloseOuts.comA wide range of quality books at low prices is an easy sell for affiliates. BookCloseouts.com......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

3 Responses to “WMF exploit testing on Windows 98”

  1. caius Says:


    The following HTML snippet turns InternetExplorer 5.0 into a WMF viewer; doesn’t work with Mozilla. Only tested with valid WMF files;

  2. caius Says:


    [less than] img src=”file.wmf” alt=”not vulnerable” [greaterthan]

  3. Avery Says:


    I tested that possibility – it didn’t render, didn’t trigger the exploit. IE treated it like a broken image.

Leave a Reply

You must be logged in to post a comment.


Switch to our mobile site