re the WMF vulnerability

if we view images on a website or open image attachments we could get spyware
etc through this WMF vulnerability.

I'm not sure what they mean by view images on a website?? Every website has
images basically. Can someone explain this?

2pak wrote:
> if we view images on a website or open image attachments we could get spyware
> etc through this WMF vulnerability.
>
> I'm not sure what they mean by view images on a website?? Every website has
> images basically. <snip!>

Exactly. That's one reason this bug is kind of scary. If you look at
the source code behind a simple web page, for every picture you'll see a
line that says "img src", and points to a file. Your browser reads that
code and finds and opens the file (picture) for you. When you look at a
web page, you're usually looking at the contents of more than one file.
If the "picture" file has wmf code in it, the browser will still try to
open the pic for you - and end up executing the wmf code. Thumbnail
view does the same thing. So does viewing inline attachments in an
email message.

--
~ Rosanne
Don’t save my sneakemail address – when it gets spammed, it gets changed.

2pak wrote:
> if we view images on a website or open image attachments we could get spyware
> etc through this WMF vulnerability.
>
> I'm not sure what they mean by view images on a website?? Every website has
> images basically. <snip!>

Exactly. That's one reason this bug is kind of scary. If you look at
the source code behind a simple web page, for every picture you'll see a
line that says "img src", and points to a file. Your browser reads that
code and finds and opens the file (picture) for you. When you look at a
web page, you're usually looking at the contents of more than one file.
If the "picture" file has wmf code in it, the browser will still try to
open the pic for you - and end up executing the wmf code. Thumbnail
view does the same thing. So does viewing inline attachments in an
email message.

--
~ Rosanne
Don’t save my sneakemail address – when it gets spammed, it gets changed.

A remote code execution security issue has been identified
in the Graphics Rendering Engine that could allow an attacker
to remotely compromise your Windows-based system and gain
control over it:

Microsoft Security Bulletin MS06-001
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
(912919)
http://www.microsoft.com/technet/sec.../ms06-001.mspx

Security Update for Windows XP (KB912919)
http://www.microsoft.com/downloads/d...displaylang=en

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User


"2pak" wrote:

> if we view images on a website or open image attachments we could get spyware
> etc through this WMF vulnerability.
>
> I'm not sure what they mean by view images on a website?? Every website has
> images basically. Can someone explain this?