Security Now

Jan 19th 2006

Security Now 23


Steve Gibson with the final word on the Windows Metafile (WMF) vulnerability, and a new program he's written to detect it in all versions of Windows.
Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.
It's now pretty clear that the ability to execute code in WMF graphics files was intentional - but we may never know why it's there. Steve wraps up the subject, lays a few myths to rest, explains why Windows 95/98/Me are not vulnerable, and offers a tool to detect the hole in all versions of Windows, including the WINE emulator for Linux.