Steve Gibson and the WMF vulnerability

  • Thread starter Thread starter Art
  • Start date Start date
A

Art

Steve now maintains that earlier versions of Windows do not have the
famous WMF vulnerability, which he now refers to as MICE (Metafile
Image Code Execution). Details can be found at:

http://www.grc.com

I just listened to the episode 23 of Security Focus with Steve and
Leo LaPorte. Steve claims that WINE and NT4 (and Vista before it
was patched) have the vulnerability. But Win 95, 98 and ME do not.

Steve still insists that the "backdoor" to code execution was
intentional on the part of MS (or someone working for MS). But he is
avoiding the term "backdoor" now for fairly obvious reasons and is
referring to it as MICE. He claims that Mark Rusinovich (Sys
Internals) concurs with his conclusions. Steve has a "Mousetrap"
program available in his freeware section which tests for MICE :)

Art

http://home.epix.net/~artnpeg
 
From: "Art" <[email protected]>

| Steve now maintains that earlier versions of Windows do not have the
| famous WMF vulnerability, which he now refers to as MICE (Metafile
| Image Code Execution). Details can be found at:
|
| http://www.grc.com
|
| I just listened to the episode 23 of Security Focus with Steve and
| Leo LaPorte. Steve claims that WINE and NT4 (and Vista before it
| was patched) have the vulnerability. But Win 95, 98 and ME do not.
|
| Steve still insists that the "backdoor" to code execution was
| intentional on the part of MS (or someone working for MS). But he is
| avoiding the term "backdoor" now for fairly obvious reasons and is
| referring to it as MICE. He claims that Mark Rusinovich (Sys
| Internals) concurs with his conclusions. Steve has a "Mousetrap"
| program available in his freeware section which tests for MICE :)
|
| Art
|
| http://home.epix.net/~artnpeg

I could make a joke about this but... :-)
 
From: "Art" <[email protected]>

| Steve now maintains that earlier versions of Windows do not have the
| famous WMF vulnerability, which he now refers to as MICE (Metafile
| Image Code Execution). Details can be found at:
|
| http://www.grc.com
|
| I just listened to the episode 23 of Security Focus with Steve and
| Leo LaPorte. Steve claims that WINE and NT4 (and Vista before it
| was patched) have the vulnerability. But Win 95, 98 and ME do not.
|
| Steve still insists that the "backdoor" to code execution was
| intentional on the part of MS (or someone working for MS). But he is
| avoiding the term "backdoor" now for fairly obvious reasons and is
| referring to it as MICE. He claims that Mark Rusinovich (Sys
| Internals) concurs with his conclusions. Steve has a "Mousetrap"
| program available in his freeware section which tests for MICE :)
Click to expand...
I could make a joke about this but... :-)
Click to expand...

You have to have a sense of humor when you read what MS has said
about this subject. It's a riot! :)

Art

http://home.epix.net/~artnpeg
 
Art said:
Steve now maintains that earlier versions of Windows do not have the
famous WMF vulnerability, which he now refers to as MICE (Metafile
Image Code Execution). Details can be found at:

http://www.grc.com

I just listened to the episode 23 of Security Focus with Steve and
Leo LaPorte. Steve claims that WINE and NT4 (and Vista before it
was patched) have the vulnerability. But Win 95, 98 and ME do not.

Steve still insists that the "backdoor" to code execution was
intentional on the part of MS (or someone working for MS). But he is
avoiding the term "backdoor" now for fairly obvious reasons and is
referring to it as MICE. He claims that Mark Rusinovich (Sys
Internals) concurs with his conclusions. Steve has a "Mousetrap"
program available in his freeware section which tests for MICE :)
Click to expand...

specifically, mark concurs that it was intentional... he does not agree
that it was a backdoor, however... his findings are posted here
http://www.sysinternals.com/blog/2006/01/inside-wmf-backdoor.html
 
Back
Top