WMF Exploit

[Dan Hollis]

On Thu, 29 Dec 2005, Spicer, Kevin wrote:
> My file command didn't detect wmf files, so for anyone else in that boat
> heres how to add it (assuming the magic file is /usr/share/magic)
>
> Add this line to /usr/share/magic
> 0       lelong          0x9ac6cdd7      Windows Metafile Image data

This signature seems wrong.

# Ripped straight from wmf_exp.wmf
sub wmf_head {
         return
         "\x01\x00\x09\x00\x00\x03\x52\x1f\x00\x00\x06\x00\x3d\x00\x00\x00".
         "\x00\x00\x11\x00\x00\x00\x26\x06\x0f\x00\x18\x00\xff\xff\xff\xff".
         "\xff\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\x03\x85\x00".
         "\xd0\x02\x00\x00\x09\x00\x00\x00\x26\x06\x0f\x00\x08\x00\xff\xff".
         "\xff\xff\x02\x00\x00\x00\x17\x00\x00\x00\x26\x06\x0f\x00\x23\x00".
         "\xff\xff\xff\xff\x04\x00\x1b\x00\x54\x4e\x50\x50\x14\x00\x20\x00".
         "\xb8\x00\x32\x06\x00\x00\xff\xff\x4f\x00\x14\x00\x00\x00\x4d\x00".
         "\x69\x00\x00\x00\x0a\x00\x00\x00\x26\x06\x0f\x00\x0a\x00\x54\x4e".

-Dan

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!