Linked by Thom Holwerda on Wed 4th Jan 2006 22:45 UTC
Windows The saga around the WMF flaw in Windows continues. "A cryptographically signed version of Microsoft's patch for the Windows Metafile vulnerability accidentally leaked onto the Internet late Tuesday, adding a new wrinkle to the company's round-the-clock efforts to stop the flow of malicious exploits. The MSRC (Microsoft Security Response Center) acknowledged that a slip-up caused 'a fast-track, pre-release version of the update' to be posted to a security community site and urged users to 'disregard' the premature update."
Thread beginning with comment 81954
To read all comments associated with this story, please click here.
RE: Overblown
by Nathan O. on Thu 5th Jan 2006 04:56 UTC
Nathan O.
Member since:

It isn't overblown. WMF files that have been renamed to have .jpg, .gif, etc. filename extensions are just as threatening. And all you have to do is visit a web page that contains any such WMF file.

The worry isn't over WMFs that you consciously download for use as a WMF file. It's over the fact that all you have to do is visit a malicious / hacked web page to hand your computer over to a sleaze.

Reply Score: 2