[Wine] Wine WMF vulnerability?

Joris Huizer jorishuizer at planet.nl
Mon Jan 9 11:19:53 CST 2006

S. Schauenburg wrote:
> I guess it's true, if you actually read the article correctly. But
> remember WHO is vulnerable for this? For this to be exploited, I guess
> someone must put a WMF picture on a site (and you would be using IE)
> with some real Wine specific code. The problem here is, why would you
> use IE if you have Firefox running native?
> So I guess the 'threat' is actually very minimal. The extent of the
> damage done by a Wine specific WMF exploit.... I don't know, but I
> guess only your .wine dir would be affected (I'd like some
> confirmation about that).
> Regards,

*If* the wmf exploit could trick wine to do something unwanted to the 
system, it could "only" effect files you are enabled to write to; also 
it might run a program that'd continue to do whatever (spread the virus 
or so?) untill you killed it, (maybe through system shutdown)
then, it would not start again, untill you would do a manual 'wineboot' 
execution (or untill you explicitly started the virus yourself); this 
will not happen at the moment that you boot the computer or login to 
your user -- you have to call that command explicitly

That is ofcourse, assuming there is some exploit for wine specifically 
-- a real windows exploit is not very likely to be able to do such 
(because of implementational difference, memory differences, etc)



More information about the wine-users mailing list