2pak wrote:
> if we view images on a website or open image attachments we could get spyware
> etc through this WMF vulnerability.
>
> I'm not sure what they mean by view images on a website?? Every website has
> images basically. <snip!>

Exactly. That's one reason this bug is kind of scary. If you look at
the source code behind a simple web page, for every picture you'll see a
line that says "img src", and points to a file. Your browser reads that
code and finds and opens the file (picture) for you. When you look at a
web page, you're usually looking at the contents of more than one file.
If the "picture" file has wmf code in it, the browser will still try to
open the pic for you - and end up executing the wmf code. Thumbnail
view does the same thing. So does viewing inline attachments in an
email message.

--
~ Rosanne
Don’t save my sneakemail address – when it gets spammed, it gets changed.