WINE Still Vulnerable to WMF Exploit 240
blast3r wrote to mention a ZDNet Blog posting by George Ou, stating that WINE is still vulnerable to the WMF flaw. From the article: "All applications launched inside Wine, Cedega, or Cross-Over Office are technically still exploitable. Wine runs on most x86 platforms, including Linux and the various BSDs. The surprising part about finding this flaw in Wine is that they implemented the entire Meta File API without realizing that this could be a security issue. Exploiting a Windows application running inside Wine depends on that application calling the vulnerable function with malicious data."
Finally! (Score:4, Funny)
I had no idea... (Score:5, Funny)
...that wine provided so much of the normal windows user experience. I must start recommending it to my friends
Uh, oh . . . somebody had better notify CERT. (Score:3, Funny)
That's just wrong... (Score:2, Funny)
TGIF cause stuff like this makes my head hurt.
Perfect emulation (Score:5, Funny)
Re:I don't understand (Score:4, Funny)
(If you know Perl, you'll understand)
Not impressed (Score:5, Funny)
Re:Kudos to WINE (Score:5, Funny)
WINE IS NOT AN EMULATOR!
License? (Score:3, Funny)
Well, there you go... (Score:5, Funny)
That's 3 Unix/Linux vulnerabilities to 1 for Windows. Windows is more secure.
The traditional "joke", with a twist? (Score:5, Funny)
Wow, I could never imagine this time would come, after all those here's a patch [mozilla.com] jokes!
My favorite review of this subject... (Score:3, Funny)
Makes sense to me... (Score:1, Funny)
I know that excessive use of Wine usually makes me insecure.
Re:slashdot design ... (Score:4, Funny)
slashdot design looks strange today
You just want me to commit a felony by refreshing it to see if I see what you see, don't you?
Re:Peer review of "many eyes" should've caught thi (Score:4, Funny)
Are you being smug or are you trolling on purpose? There was no pre-Win3.0 gdi32.dll. There was no hodge-podge of printer support. They all printed to LPT1 with thier own escape-codes that the software developers implemented. I print to my year old Samsung laser using my twenty year old AppleWorks. You do know that WINE can use its own built-in DLLs or Win32 native DLLs, don't you? I can switch Wine to use the Gdi32.dll that Microsoft just provided for free.
This flaw was staring the OSS community right in the face for all this time, yet the OSS community failed to find it.
I don't think the Wine Developers are looking for flaws. Most of us use Wine to play Windows Games. In what aspect is my WINE/Linux environment compromised by this Microsoft flaw? There is no kernel to infect. Are the rootkit trojans going to infect my Starcraft session and turn the Zerg into lemmings? Are you mentally challedged?
We appreciate that you like Windows, stay there. When your ready to switch to a environment that doesn't believe that you owe a fee every three years and that you own your own stuff, let us know.
Enjoy.