[ros-dev] WMF Bug / SetAbortProc

M Bealby mbealby at gmail.com
Mon Jan 16 14:41:19 CET 2006


In case you've had you're head in the sand recently I'm sure you must
know about the recent WMF bug found in all recent versions of Windows.

The vulnerable function is in SetAbortProc and can be called from a
malicious WMF file as they include executable code by definition.
Windows automatically runs this a WMF file when previewing /
displaying - including from a web page!

WINE is also vulnerable, and still is.  However, from a brief look at
my svn repo I think ReactOS is safe.  SetAbortProc is in gdi32.dll,
and our version is well out of sync with WINE.  I'm not sure if this
is intentional (I don't know which dll's we share directly), but
whoever implements this function must be very careful.

More info at:
http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx

They also have a patch there so anyone running Windows on their
machine is recommended to patch it immediately.

Cheers,
Martin


More information about the Ros-dev mailing list