Linux/BSD still exposed to WMF exploit through WINE!


While news of Microsoft's official patch for the WMF exploit reaches the web, I just received an email from H D Moore (founder of the metasploit project and creator of the original proof-of-concept WMF exploit code) that WINE was still vulnerable to the WMF exploit. He was kind enough to even include a sample of the updated proof-of-concept and had this to say:

All applications launched inside Wine, Cedega, or Cross-Over Office are technically still exploitable. Wine runs on most x86 platforms, including Linux and the various BSDs. The surprising part about finding this flaw in Wine is that they implemented the entire Meta File API without realizing that this could be a security issue.
Linux/BSD still exposed to WMF exploit through WINE! | George Ou | ZDNet.com

Linked by shanmuga Saturday, 7th January 2006 7:05AM