|
Posted by Mark Randall on January 5, 2006, 8:49 pm
If you were Registered and logged in, you could reply and use other advanced thread options
wmf is identified by a starting series of bytes, not really the extension.
All systems are vunerable, install the 3rd party patch.
--
- Mark Randall
http://www.temporal-solutions.co.uk
http://zetech.swehli.com
"Those people that think they know everything are a great annoyance to those
of us who do"
Isaac Asimov
>
> ( I read that even IE6 on XP with sp2 was vulnerable. )
>
>
> However, I read this here:
> http://bclary.com/2004/09/26/boot-camp-content-type
>
> quote:
>
> Internet Explorer 6 on Windows XP, Service Pack 2 introduces
> a new setting under Tools->Internet Options->Security settings
> where you can choose to Disable Open files based on content,
> not file extension. Choosing Disable will make Internet Explore
> respect the Content Type at least in some circumstances.
> Unfortunately, this setting is not disabled by default.
> However, should a future exploit in Internet Explorer be discovered
> which takes advantage of the Content Type guessing,
> you can probably expect an update to Internet Explorer
> which disables Content Type guessing.
>
> unquote.
>
>
> And I did that (--disabled "Open files based on content, not file
> extension",
> - under Security > Custom Level... > Miscellaneous )
> when I got sp2.
>
> Seems to me that while that itself wouldn't protect
> against .wmf files, it should have protected against
> .wmf files masquerading as other types of images, no?
>
> ~greg
>
| 
XML site map