PDA

View Full Version : Another Windows Flaw



mark.p
24-02-2004, 06:12 PM
For those interested-

A malformed .emf (Enhanced Metafile, a graphics format) file can cause
an exploitable heap overflow in (or near) shimgvw.dll.

To exploit this flaw (in explorer), simply place a malformed (invalid
"size" field) .emf file in any directory, open explorer to that path,
and view as Thumbnails. Bang. In it's simplest form it's a DOS - it
affects all explorer windows, including File Open dialogs for many
programs.

Arbitrary code execution.

Chilling_Silently
24-02-2004, 10:01 PM
So how do you make a file have an "invalid size field"?

;-)