[VIM] "Google" vulnerable to WMF?

Matthew Murphy mattmurphy at kc.rr.com
Sat Jan 14 22:54:25 EST 2006

Hash: RIPEMD160

security curmudgeon wrote:
> : > Google        Vulnerable    30-Dec-2005
> : 
> : Google's "Desktop Search" products uses the susceptible component to 
> : "size down" images for display when returning search results.  As a 
> : result of this sizing down, the WMF exploit may be executed.
> Doesn't Firefox and a dozen other programs too? I mean, they are all 
> vectors of an attack, but the actual vulnerability and susceptible code is 
> in Windows, right? Google software/code itself doesn't have the 
> weakness?

Not directly.  Problem is, Google auto-indexes the exploit files, in
essence "opening" the malicious file.  That makes it uniquely bad from a
user-interaction point-of-view.  It's a lot like Lotus Notes is believed
to be -- view a document and instantaneously you're infected.

- --
"Social Darwinism: Try to make something idiot-proof,
nature will provide you with a better idiot."

                                -- Michael Holstein
Version: GnuPG v1.4.2 (MingW32)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3436 bytes
Desc: S/MIME Cryptographic Signature
Url : http://www.attrition.org/pipermail/vim/attachments/20060114/5caff81b/attachment.bin 

More information about the VIM mailing list