re the WMF vulnerability

[Guest]

if we view images on a website or open image attachments we could get spyware
etc through this WMF vulnerability.

I'm not sure what they mean by view images on a website?? Every website has
images basically. Can someone explain this?

 

[Rosanne]

if we view images on a website or open image attachments we could get spyware
etc through this WMF vulnerability.

I'm not sure what they mean by view images on a website?? Every website has
images basically. <snip!>

Exactly. That's one reason this bug is kind of scary. If you look at
the source code behind a simple web page, for every picture you'll see a
line that says "img src", and points to a file. Your browser reads that
code and finds and opens the file (picture) for you. When you look at a
web page, you're usually looking at the contents of more than one file.
If the "picture" file has wmf code in it, the browser will still try to
open the pic for you - and end up executing the wmf code. Thumbnail
view does the same thing. So does viewing inline attachments in an
email message.

 

[Guest]

A remote code execution security issue has been identified
in the Graphics Rendering Engine that could allow an attacker
to remotely compromise your Windows-based system and gain
control over it:

Microsoft Security Bulletin MS06-001
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
(912919)
http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx

Security Update for Windows XP (KB912919)
http://www.microsoft.com/downloads/...96-57AE-499E-B89B-215B7BB4D8E9&displaylang=en