* Richard M. Smith:

> Here's my new question: Can WMF images and auto-executing exploit
> code be embedded in Word, Excel, and PowerPoint files?

WMF used to be the presentation format for OLE objects (maybe it still
is, I haven't been following Windows API evolution closely for about a
decade), which can be contained in Office documents, of course.  I'm
sure you can't get rid of that use of WMF for backwards-compatibility
reasons.  It's also likely that it's part of OOXML in some form.

However, it does surprise me that this particular area of the Windows
code base is so difficult to fix.  Once you plug the device escapes,
it should be fairly self-contained.  There might be some
font-rendering issues, but exploitation of those should be
driver-specific.

-- 
Florian Weimer                <[EMAIL PROTECTED]>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
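
Added example, not part of the message above: a minimal record walker that lists the device-escape (META_ESCAPE) records in a WMF stream, which is the first thing to check when triaging a metafile extracted from an Office document. It assumes the record layout from the published MS-WMF specification; the function name and the sample bytes are constructed for illustration.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7  # magic of the optional 22-byte placeable header
META_ESCAPE = 0x0626        # RecordFunction value of a device-escape record
META_EOF = 0x0000           # RecordFunction value of the terminating record


def find_escapes(data: bytes):
    """Return [(offset, escape_function, byte_count)] for every META_ESCAPE record."""
    pos = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        pos = 22  # skip the placeable header if present
    if len(data) < pos + 18:
        raise ValueError("truncated WMF header")
    mtype, header_words = struct.unpack_from("<HH", data, pos)
    if mtype not in (1, 2) or header_words != 9:
        raise ValueError("not a WMF header")
    pos += header_words * 2
    hits = []
    while pos + 6 <= len(data):
        # RecordSize counts 16-bit words and includes the 6-byte record prefix.
        size_words, func = struct.unpack_from("<IH", data, pos)
        size = size_words * 2
        if size < 6 or pos + size > len(data):
            raise ValueError(f"bad record size at offset {pos}")
        if func == META_EOF:
            break
        if func == META_ESCAPE:
            if size < 10:
                raise ValueError(f"META_ESCAPE too short at offset {pos}")
            escape_function, byte_count = struct.unpack_from("<HH", data, pos + 6)
            hits.append((pos, escape_function, byte_count))
        pos += size
    return hits


# Constructed sample: header, one META_SETMAPMODE record, one META_ESCAPE
# record carrying 4 bytes of inert data, then META_EOF.
SAMPLE = (
    struct.pack("<HHHIHIH", 1, 9, 0x0300, 23, 0, 7, 0)
    + struct.pack("<IHH", 4, 0x0103, 8)
    + struct.pack("<IHHH", 7, META_ESCAPE, 0x000F, 4) + b"test"  # 0x000F chosen for the sample
    + struct.pack("<IH", 3, META_EOF)
)

if __name__ == "__main__":
    for offset, escape_function, byte_count in find_escapes(SAMPLE):
        print(f"offset {offset}: escape 0x{escape_function:04X}, {byte_count} data bytes")
```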