From: Mike '/m' 

On Sat, 7 Jan 2006 14:29:27 -0500, "Frank Haber"
 wrote:

>>(abort something or other) but that doesn't seem to be a very important...
>
>Unimportant, but very amusing.  Let's see.. as I, bad programmer, understand
>it.....
>
>There's been this "graphics" format around since at least
Win3.  It's really
>just as much a program as a data repository - a kind of
"object" with its own
>rules, but from the procedural era.  There are all sorts of WMFs - hundreds of
>simple ones clutter Word's clipart alone.  And the API hands Joe Bozo, Coder
>Ignoto, an error handler that lets him put in his own priv'd code.  If Joe's a
>sh*t, he deliberately throws any old error, then "handles"
you by the short
>hairs, if you're running as admin.
>
>Hey guys - let's just run "Hello, World" in Ring 0 and have
done with it.  Why
>play Russian roulette with one live round out of six, if you can fill all the
>chambers and have more fun.

What I'm wondering is what other examples of this type of exploit vector
are just as deep in Windows?

Since this exploit vector made it all the way to Windows Vista, Microsoft's
own security audits can't be all they're cranked up to be in the press
releases.

~The feature was in Windows since Windows 3.1 and no one has exploited it
yet, so it must be secure.~

I am becoming more convinced that Geo. is spot-on when he says that
Microsoft does not know how to think like the bad-guy hackers.

  /m

--- BBBS/NT v4.01 Flag-5