[VIM] "Google" vulnerable to WMF?
Matthew Murphy
mattmurphy at kc.rr.com
Sat Jan 14 22:54:25 EST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
security curmudgeon wrote:
> : > Google Vulnerable 30-Dec-2005
> :
> : Google's "Desktop Search" products uses the susceptible component to
> : "size down" images for display when returning search results. As a
> : result of this sizing down, the WMF exploit may be executed.
>
> Doesn't Firefox and a dozen other programs too? I mean, they are all
> vectors of an attack, but the actual vulnerability and susceptible code is
> in Windows, right? Google software/code itself doesn't have the
> weakness?
Not directly. Problem is, Google auto-indexes the exploit files, in
essence "opening" the malicious file. That makes it uniquely bad from a
user-interaction point-of-view. It's a lot like Lotus Notes is believed
to be -- view a document and instantaneously you're infected.
- --
"Social Darwinism: Try to make something idiot-proof,
nature will provide you with a better idiot."
-- Michael Holstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
iD8DBQFDycdxfp4vUrVETTgRA7xHAJ4u7LyzVk0eVh9o4LK2MVYWrVtJjgCcDNwu
DKTPrL8I/RkyZtvivyQ805I=
=25GR
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3436 bytes
Desc: S/MIME Cryptographic Signature
Url : http://www.attrition.org/pipermail/vim/attachments/20060114/5caff81b/attachment.bin
More information about the VIM
mailing list