[Wine] Wine WMF vulnerability?
jorishuizer at planet.nl
Mon Jan 9 11:19:53 CST 2006
S. Schauenburg wrote:
> I guess it's true, if you actually read the article correctly. But
> remember WHO is vulnerable for this? For this to be exploited, I guess
> someone must put a WMF picture on a site (and you would be using IE)
> with some real Wine specific code. The problem here is, why would you
> use IE if you have Firefox running native?
> So I guess the 'threat' is actually very minimal. The extent of the
> damage done by a Wine specific WMF exploit.... I don't know, but I
> guess only your .wine dir would be affected (I'd like some
> confirmation about that).
*If* the wmf exploit could trick wine to do something unwanted to the
system, it could "only" effect files you are enabled to write to; also
it might run a program that'd continue to do whatever (spread the virus
or so?) untill you killed it, (maybe through system shutdown)
then, it would not start again, untill you would do a manual 'wineboot'
execution (or untill you explicitly started the virus yourself); this
will not happen at the moment that you boot the computer or login to
your user -- you have to call that command explicitly
That is ofcourse, assuming there is some exploit for wine specifically
-- a real windows exploit is not very likely to be able to do such
(because of implementational difference, memory differences, etc)
More information about the wine-users