Windows Metafile
From Free net encyclopedia
←Older revision | Newer revision→
{{Infobox file format | name = Windows Metafile | extension = .wmf, .emf | mime = | owner = Microsoft | genre = Image file formats | creatorcode = | containerfor = | containedby = | extendedfrom = | extendedto = }} Windows Metafile (WMF) is a graphics file format on Microsoft Windows systems, originally designed in the early 1990s and not commonly used after the rise of the Internet and the widely used graphics formats such as GIF and JPEG. It is a vector graphics format which also allows the inclusion of raster graphics. Essentially, a WMF file stores a list of function calls that have to be issued to the Windows graphics layer GDI in order to restore the image. Since some GDI functions accept pointers to callback functions for error handling, a WMF file may include executable code. It is somewhat similar in purpose and design to the PostScript format used in the Unix world.
WMF is a 16-bit format introduced in Windows 3.0; a newer 32-bit version with additional commands is called Enhanced Metafile (EMF). EMF is also used as a graphics language for printer drivers.
SetAbortProc exploit
Template:Main Exploits using the "SetAbortProc" GDI function were discovered in December 2005. The function, which registers an error handler normally intended for use when a print job is cancelled during spooling, allows arbitrary code added to a WMF image to be executed without the permission of the user. Steve Gibson from Gibson Research Corporation, in his Security Now! podcast claimed that the exploit was caused by a backdoor that was built into the Metafile handler of Windows by Microsoft itself. However, many other security researchers dispute this characterization, saying that in order to be called a backdoor, there would need to be proof that Microsoft actually used this vulnerability to secretly access computers. [1]