WMF Exploit
Scott Silva
ssilva at SGVWATER.COM
Thu Dec 29 22:56:18 GMT 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Dan Hollis spake the following on 12/29/2005 2:26 PM:
> On Thu, 29 Dec 2005, Spicer, Kevin wrote:
>
>> My file command didn't detect wmf files, so for anyone else in that boat
>> heres how to add it (assuming the magic file is /usr/share/magic)
>>
>> Add this line to /usr/share/magic
>> 0 lelong 0x9ac6cdd7 Windows Metafile Image data
>
>
> This signature seems wrong.
>
> # Ripped straight from wmf_exp.wmf
> sub wmf_head {
> return
> "\x01\x00\x09\x00\x00\x03\x52\x1f\x00\x00\x06\x00\x3d\x00\x00\x00".
> "\x00\x00\x11\x00\x00\x00\x26\x06\x0f\x00\x18\x00\xff\xff\xff\xff".
> "\xff\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\x03\x85\x00".
> "\xd0\x02\x00\x00\x09\x00\x00\x00\x26\x06\x0f\x00\x08\x00\xff\xff".
> "\xff\xff\x02\x00\x00\x00\x17\x00\x00\x00\x26\x06\x0f\x00\x23\x00".
> "\xff\xff\xff\xff\x04\x00\x1b\x00\x54\x4e\x50\x50\x14\x00\x20\x00".
> "\xb8\x00\x32\x06\x00\x00\xff\xff\x4f\x00\x14\x00\x00\x00\x4d\x00".
> "\x69\x00\x00\x00\x0a\x00\x00\x00\x26\x06\x0f\x00\x0a\x00\x54\x4e".
>
> -Dan
>
I have this in my /usr/share/magic;
# Microsoft Advanced Streaming Format (ASF) <mpruett at sgi.com>
0 belong 0x3026b275 Microsoft ASF
--
/-----------------------\ |~~\_____/~~\__ |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!| ~~~|/~~ |
\-----------------------/ ()
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list