http://www.ritlabs.com New posts in The Bat! vs WMF exploit: are we vulnerable? of forum at www.ritlabs.com [www.ritlabs.com] en http://backend.userland.com/rss2 Fri, 06 Jan 2006 18:40:56 +0200 The Bat! vs WMF exploit: are we vulnerable? in forum The Bat! - Configuring the E-mail Client.
Microsoft has just released a fix for the WMF problem. The fix is available via Windows Update.
06 January 2006 18:40:56, Maxim Masiutin.]]> http://www.ritlabs.com/en/forums/forum4/topic2344/message9621/ http://www.ritlabs.com/en/forums/forum4/topic2344/message9621/ Fri, 06 Jan 2006 18:40:56 +0200 The Bat! - Configuring the E-mail Client The Bat! vs WMF exploit: are we vulnerable? in forum The Bat! - Configuring the E-mail Client.
While MS is working on the patch, you can use The Bat! 3.64.03 which does not display WMF using the internal image viewer. You can download this version from http://www.ritlabs.com/download/files/the_bat/beta/tbb36403.rar
05 January 2006 06:20:48, Maxim Masiutin.]]> http://www.ritlabs.com/en/forums/forum4/topic2344/message9589/ http://www.ritlabs.com/en/forums/forum4/topic2344/message9589/ Thu, 05 Jan 2006 06:20:48 +0200 The Bat! - Configuring the E-mail Client The Bat! vs WMF exploit: are we vulnerable? in forum The Bat! - Configuring the E-mail Client.

====quote====
Hope M$ will roll the hotfix soon
=============

Let's hope so. Today my virus s/w (F-Prot) issued a new release to address this issue and I've also disabled Admin privaleges, though this plays havoc with my True Image scheduled backups. Still it's something.


04 January 2006 16:08:41, Alan.]]> http://www.ritlabs.com/en/forums/forum4/topic2344/message9579/ http://www.ritlabs.com/en/forums/forum4/topic2344/message9579/ Wed, 04 Jan 2006 16:08:41 +0200 The Bat! - Configuring the E-mail Client The Bat! vs WMF exploit: are we vulnerable? in forum The Bat! - Configuring the E-mail Client.
BTW, it was asked many times to disable images in the Bat! completely...

Yes, v3 has an option to start showing an HTML message as plain text, but the IMAGE tab is still there.

04 January 2006 12:34:16, n.a. n.a..]]> http://www.ritlabs.com/en/forums/forum4/topic2344/message9575/ http://www.ritlabs.com/en/forums/forum4/topic2344/message9575/ Wed, 04 Jan 2006 12:34:16 +0200 The Bat! - Configuring the E-mail Client The Bat! vs WMF exploit: are we vulnerable? in forum The Bat! - Configuring the E-mail Client.
With this hack installed ZA goes crazy - it starts blocking the things it never blocked before, even those already marked as "Allowed"...

I did try that hack three times - unless I uninstall it I can't even switch the keyboard layout - Cyrillc|Latin. (Among other glitches)

Hope M$ will roll the hotfix soon. There are leaks, the new, fixed, GDI32.DLL is out there... I wish I could find it...

04 January 2006 12:30:07, n.a. n.a..]]> http://www.ritlabs.com/en/forums/forum4/topic2344/message9574/ http://www.ritlabs.com/en/forums/forum4/topic2344/message9574/ Wed, 04 Jan 2006 12:30:07 +0200 The Bat! - Configuring the E-mail Client The Bat! vs WMF exploit: are we vulnerable? in forum The Bat! - Configuring the E-mail Client.

====quote====
Till next tuesday when M$ has promised it's hotfix we may all be doomed.

(The Ilfak's patch breaks ZoneAlarm on my system)
=============

I've just said to my wife before seeing your posting that I'm seriously considering pulling the internet plug until next Tuesday.

Edit: seems we are worse off than OE. In OE people are being advise to set OE to only display plain text. I can see no way to do that in The Bat (v2). I was about to upgrade to v3. Maybe it's time to look at Thunderbird.

Edit 2: Just been to the Thunderbird Forum where it mentions a Thunderbird option to stop images being downloaded:
Tools-Options-Advanced-Privacy-"Block Loading of Remote Images in Mail Messages".

Do we not need something similar in The Bat! It would be nice to get some feedback from The Bat! developers.

Edit 2 End.


Thanks for the note about Ilfak's patch breaking ZoneAlarm. I have ZA. What happened exactly to ZA and what version of ZA are you on?

Alan
04 January 2006 10:34:38, Alan.]]> http://www.ritlabs.com/en/forums/forum4/topic2344/message9572/ http://www.ritlabs.com/en/forums/forum4/topic2344/message9572/ Wed, 04 Jan 2006 10:34:38 +0200 The Bat! - Configuring the E-mail Client The Bat! vs WMF exploit: are we vulnerable? in forum The Bat! - Configuring the E-mail Client.
This is strange that the Developer Team has not yet commented on the raging WMF exploit...

Till next tuesday when M$ has promised it's hotfix we may all be doomed.

(The Ilfak's patch breaks ZoneAlarm on my system)

04 January 2006 10:20:22, n.a. n.a..]]> http://www.ritlabs.com/en/forums/forum4/topic2344/message9571/ http://www.ritlabs.com/en/forums/forum4/topic2344/message9571/ Wed, 04 Jan 2006 10:20:22 +0200 The Bat! - Configuring the E-mail Client The Bat! vs WMF exploit: are we vulnerable? in forum The Bat! - Configuring the E-mail Client.

====quote====
Since the Bat! has an image preview - I'd like to hear from the developers that in no way the Bat! will depend on external code to handle any images (SVG mainly) in the mail.
=============

I just sent myself a test wmf file and The Bat! displayed it in the image tab, next to a text tab. I would suspect that if The Bat! has already rendered the image when creating the tab, then it is too late and even ignoring the tab will not stop infection.  

I have written on this Broadband Security Forum where I have made some experiments with creating a wmf file and then renaming it to a jpg file. Windows (98 & XP) & IE (5.5 & 6) ignores the jpg, identifies the file as a wmf and displays it.

Alan
Edit: Should have said: I'm using v 2.04.7 of The Bat!

04 January 2006 10:02:16, Alan.]]> http://www.ritlabs.com/en/forums/forum4/topic2344/message9570/ http://www.ritlabs.com/en/forums/forum4/topic2344/message9570/ Wed, 04 Jan 2006 10:02:16 +0200 The Bat! - Configuring the E-mail Client The Bat! vs WMF exploit: are we vulnerable? in forum The Bat! - Configuring the E-mail Client.
This exploit is really nasty one. It does not need to be run to activate.
Windows Meta File is handled by the OS.
Since the Bat! has an image preview - I'd like to hear from the developers that in no way the Bat! will depend on external code to handle any images (SVG mainly) in the mail.

31 December 2005 06:25:34, n.a. n.a..]]> http://www.ritlabs.com/en/forums/forum4/topic2344/message9533/ http://www.ritlabs.com/en/forums/forum4/topic2344/message9533/ Sat, 31 Dec 2005 06:25:34 +0200 The Bat! - Configuring the E-mail Client The Bat! vs WMF exploit: are we vulnerable? in forum The Bat! - Configuring the E-mail Client.
No. TB doesn't execute anything, so unless you open the file yourself it won't be used.
30 December 2005 16:42:43, Roelof Otten.]]> http://www.ritlabs.com/en/forums/forum4/topic2344/message9525/ http://www.ritlabs.com/en/forums/forum4/topic2344/message9525/ Fri, 30 Dec 2005 16:42:43 +0200 The Bat! - Configuring the E-mail Client The Bat! vs WMF exploit: are we vulnerable? in forum The Bat! - Configuring the E-mail Client.
Is it deadly to receive an attached WMF-file with the Bat! ?

30 December 2005 08:10:04, n.a. n.a..]]> http://www.ritlabs.com/en/forums/forum4/topic2344/message9507/ http://www.ritlabs.com/en/forums/forum4/topic2344/message9507/ Fri, 30 Dec 2005 08:10:04 +0200 The Bat! - Configuring the E-mail Client