WINE Still Vulnerable to WMF Exploit 240
blast3r wrote to mention a ZDNet Blog posting by George Ou, stating that WINE is still vulnerable to the WMF flaw. From the article: "All applications launched inside Wine, Cedega, or Cross-Over Office are technically still exploitable. Wine runs on most x86 platforms, including Linux and the various BSDs. The surprising part about finding this flaw in Wine is that they implemented the entire Meta File API without realizing that this could be a security issue. Exploiting a Windows application running inside Wine depends on that application calling the vulnerable function with malicious data."
So... (Score:5, Interesting)
How far can someone get by working over WINE with this exploit?
Kudos to WINE (Score:5, Interesting)
On a serious note, I wonder what this means for emulation projects. If you recognize an exploit in the original environment (as possibly someone did when writing a WMF parser for WINE), do you implement the exploit in your emulator or do you introduce a potential incompatibility?
Make a copy? (Score:5, Interesting)
Isn't that the Goal? (Score:3, Interesting)
serious question (Score:3, Interesting)
I don't understand (Score:5, Interesting)
How does WINE manage to duplicate a flaw in a function that WINE doesn't even implement?
Re:I don't understand (Score:3, Interesting)
Re:serious question (Score:1, Interesting)
Re:So... (Score:4, Interesting)
Why its not really a BUG, and why WINE has it too (Score:2, Interesting)
A wmf is not a graphics format in a traditional sense, but rather a list of API calls to the GDI libraries that when fired off one after another will recreate an image.
For this reason, saying that the WMF insecurity is a bug, is like saying that the fact that you can make a malicious EXE for windows is a bug also.
I'm not saying it shouldn't be fixed, becuase it is a vulnerability, I'm just trying to shine some light on why similar vulnerabilities exist in WINE.
If I have given an incorrect explanation of WMF, please feel free to comment.
Re:Kudos to WINE (Score:5, Interesting)
That said, this story is just a lot of scaremongering from ZDNet. Sure, you could be hacked through this if you run IE in Wine and use it as a general web browser (which I doubt anybody does), but the damage would be limited to the virtual Windows environment which can be blown away and reset in 20 seconds. It's not like the reinstall from scratch job a real Windows would require. Wine also ignores any startup entries software may install.
Still, it should be fixed, probably in the same way that MS did it. And in fact Marcus has already posted a patch that would do this, so I expect it'll be fixed soon enough.
How long should a fix take? (Score:3, Interesting)
Re:serious question (Score:1, Interesting)
jpg, gif, and bmp files can not have "wmf headers".
You can make a WMF file that displays a jpg, gif, or bmp, but that's a bit different from the jpg, gif, or bmp having a "wmf header". It's a subtle difference.