The Bat! vs WMF exploit: are we vulnerable?
 
Is it deadly to receive an attached WMF file with The Bat!?
winXP-SP3 Pro, the Bat! v4.0.38
 
No. TB doesn't execute anything, so unless you open the file yourself it won't be used.
__________________________________
I'm just a user of The Bat! I don't work for Ritlabs.
 
This exploit is a really nasty one. It does not need to be run to activate.
Windows Meta File is handled by the OS.
Since the Bat! has an image preview - I'd like to hear from the developers that in no way the Bat! will depend on external code to handle any images (SVG mainly) in the mail.
winXP-SP3 Pro, the Bat! v4.0.38
 
Quote
Since the Bat! has an image preview - I'd like to hear from the developers that in no way the Bat! will depend on external code to handle any images (SVG mainly) in the mail.

I just sent myself a test wmf file and The Bat! displayed it in the image tab, next to a text tab. I would suspect that if The Bat! has already rendered the image when creating the tab, then it is too late and even ignoring the tab will not stop infection.  :(

I have written on this Broadband Security Forum where I have made some experiments with creating a wmf file and then renaming it to a jpg file. Windows (98 & XP) & IE (5.5 & 6) ignore the jpg, identify the file as a wmf and display it.

Alan
Edit: Should have said: I'm using v 2.04.7 of The Bat!
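
The post above reports that Windows and IE recognise a renamed WMF by its content rather than its extension, so an attachment filter has to look at header bytes as well. The following is an added example, not part of the original thread; the function names and sample bytes are constructed for illustration.

```python
import os
import struct

PLACEABLE_KEY = 0x9AC6CDD7   # magic number of the optional "placeable" WMF header
PLACEABLE_LEN = 22           # bytes in that optional header
META_HEADER_LEN = 18         # bytes in the standard WMF header


def is_wmf(data: bytes) -> bool:
    """Return True if data begins with a WMF header, whatever the file is called."""
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        data = data[PLACEABLE_LEN:]          # skip the placeable header
    if len(data) < META_HEADER_LEN:
        return False
    file_type, header_words, version = struct.unpack_from("<HHH", data)
    return (file_type in (1, 2)              # 1 = memory metafile, 2 = disk metafile
            and header_words == 9            # header size in 16-bit words
            and version in (0x0100, 0x0300))


def classify(filename: str, data: bytes) -> str:
    """Label an attachment by content first, then compare with its extension."""
    if not is_wmf(data):
        return "not-wmf"
    ext = os.path.splitext(filename)[1].lower()
    return "wmf" if ext == ".wmf" else "disguised-wmf"


# Constructed sample data (not taken from any real file).
SAMPLE_WMF = (struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0)
              + struct.pack("<IH", 3, 0))    # single end-of-file record
SAMPLE_PLACEABLE = struct.pack("<IHhhhhHIH", PLACEABLE_KEY, 0, 0, 0, 100, 100,
                               1440, 0, 0) + SAMPLE_WMF  # checksum 0, not checked here
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16

if __name__ == "__main__":
    for name, blob in [("holiday.jpg", SAMPLE_WMF),
                       ("drawing.wmf", SAMPLE_PLACEABLE),
                       ("photo.jpg", SAMPLE_JPEG)]:
        print(name, "->", classify(name, blob))
```
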
 
It is strange that the Developer Team has not yet commented on the raging WMF exploit...

Till next Tuesday when M$ has promised its hotfix we may all be doomed.

(The Ilfak's patch breaks ZoneAlarm on my system)
winXP-SP3 Pro, the Bat! v4.0.38
 
Quote
Till next Tuesday when M$ has promised its hotfix we may all be doomed.

(The Ilfak's patch breaks ZoneAlarm on my system)

I've just said to my wife before seeing your posting that I'm seriously considering pulling the internet plug until next Tuesday.

Edit: seems we are worse off than OE. In OE people are being advised to set OE to only display plain text. I can see no way to do that in The Bat (v2). I was about to upgrade to v3. Maybe it's time to look at Thunderbird.

Edit 2: Just been to the Thunderbird Forum where it mentions a Thunderbird option to stop images being downloaded:
Tools-Options-Advanced-Privacy-"Block Loading of Remote Images in Mail Messages".

Do we not need something similar in The Bat!? It would be nice to get some feedback from The Bat! developers.

Edit 2 End.


Thanks for the note about Ilfak's patch breaking ZoneAlarm. I have ZA. What happened exactly to ZA and what version of ZA are you on?

Alan
 
With this hack installed ZA goes crazy - it starts blocking the things it never blocked before, even those already marked as "Allowed"...

I did try that hack three times - unless I uninstall it I can't even switch the keyboard layout - Cyrillic|Latin. (Among other glitches)

Hope M$ will roll the hotfix soon. There are leaks, the new, fixed, GDI32.DLL is out there... I wish I could find it...
winXP-SP3 Pro, the Bat! v4.0.38
 
BTW, it was asked many times to disable images in the Bat! completely...

Yes, v3 has an option to start showing an HTML message as plain text, but the IMAGE tab is still there.
winXP-SP3 Pro, the Bat! v4.0.38
 
Quote
Hope M$ will roll the hotfix soon

Let's hope so. Today my virus s/w (F-Prot) issued a new release to address this issue and I've also disabled Admin privileges, though this plays havoc with my True Image scheduled backups. Still it's something.

 
While MS is working on the patch, you can use The Bat! 3.64.03 which does not display WMF using the internal image viewer. You can download this version from http://www.ritlabs.com/download/files/the_bat/beta/tbb36403.rar
 
Microsoft has just released a fix for the WMF problem. The fix is available via Windows Update.